Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion=5.1.14393.1944 RunspaceId=33ab01b0-3585-46fe-bc05-3da8c7decd67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3119	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3118	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3117	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3116	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3115	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3114	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da5a2216-43b0-43a5-a430-92b926a9378d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3113	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:54 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f7f56d4e-d18e-4e04-a998-4c9c4baf5f38 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3112	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f7f56d4e-d18e-4e04-a998-4c9c4baf5f38 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3111	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3110	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3109	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3108	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3107	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3106	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3105	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3104	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da22551b-5239-4d01-98a3-188a882ec5ef HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3103	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:53 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=508c88f8-620c-4f4a-a6d9-8b8967251ed7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3102	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3101	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3100	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3099	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3098	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3097	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb76c57a-dda7-4efe-9316-be3da0780685 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3096	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:52 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=0fd09d8f-03ff-4d0c-893a-7b04756e62c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3095	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8e9b04dc-0472-4f58-b7db-4be86f43c7ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3094	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8e9b04dc-0472-4f58-b7db-4be86f43c7ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3093	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3092	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3091	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3090	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3089	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3088	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3df48e7-01e1-4e72-97e7-5d70a387cc48 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3087	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=0fd09d8f-03ff-4d0c-893a-7b04756e62c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3086	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3085	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3084	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3083	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3082	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3081	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a91bd18b-38c8-4bdf-9d9b-2a06091b4f28 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATgB3AEEAdQBBAEQAYwBBAE4AQQBBAHQAQQBEAEUAQQBPAEEAQQB4AEEARABNAEEATQBBAEEAMwBBAEQAQQBBAE0AQQBBADIAQQBEAEkAQQBOAEEAQQB3AEEARABrAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3080	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2acabce5-e3ac-4c0c-b3de-3c1360420a76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3079	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=71e266c3-9acf-4604-8144-4114079d94f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3078	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3077	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3076	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3075	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3074	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3073	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3072	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3071	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84786441-98a6-43c0-96b1-fce3825031d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3070	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:51 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2acabce5-e3ac-4c0c-b3de-3c1360420a76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3069	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3068	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3067	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3066	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3065	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3064	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1875a75a-8ee3-43a6-a1e7-c10f6f1faa18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3063	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2d5d461e-47f7-4cc6-a2c8-945c35a26cfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3062	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:50 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2d5d461e-47f7-4cc6-a2c8-945c35a26cfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3061	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3060	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3059	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3058	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3057	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3056	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b07a1e2f-d81f-4318-b662-a864050c8f23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIANwAuADcANAAtADEAOAAxADMAMAA3ADAAMAA2ADIANAAwADkAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3055	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c7582378-9834-4ea5-9a40-838f2677e432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3054	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0c70d625-f608-4a43-8e67-21c55431bbfc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3053	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3052	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3051	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3050	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3049	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3048	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3047	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3046	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e116bb9c-4153-4b1c-b385-b89ef17a77d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3045	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:49 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c7582378-9834-4ea5-9a40-838f2677e432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3044	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3043	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3042	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3041	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3040	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3039	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3aa2e64-ff2e-493f-b42a-c9e4fa0b5257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3038	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=b83a9922-a605-486b-b5a8-ab3f7c097df8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3037	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=05e3d050-ac6a-4e18-82ca-cf1b4b10936f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3036	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=05e3d050-ac6a-4e18-82ca-cf1b4b10936f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3035	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3034	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3033	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3032	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3031	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3030	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=067ae81c-a096-42a0-b8af-b0cde1842f09 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgA3AC4ANwA0AC0AMQA4ADEAMwAwADcAMAAwADYAMgA0ADAAOQAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3029	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:48 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=b83a9922-a605-486b-b5a8-ab3f7c097df8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3028	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3027	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3026	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3025	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3024	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3023	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82772a6c-8b3f-48da-a46f-81ad66810df2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAMABBAEMAMABBAE0AUQBBADQAQQBEAEUAQQBNAHcAQQB3AEEARABjAEEATQBBAEEAdwBBAEQAWQBBAE0AZwBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3022	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c933192-00b2-4a73-abfe-1c178fd4ab73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3021	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8c4049c2-bf64-4e6d-b8d0-7c269ef51fe9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3020	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=8c4049c2-bf64-4e6d-b8d0-7c269ef51fe9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3019	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3018	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3017	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3016	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3015	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3014	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cd733d6-e4b7-47aa-87b4-d8126101ad47 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3013	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=2c933192-00b2-4a73-abfe-1c178fd4ab73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3012	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3011	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3010	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3009	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3008	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3007	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8bd3987-c58b-42c1-84b6-2b2726e0ba08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABJAEEATQB3AEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQAwAEEARABVAEEATgBBAEEAegBBAEQASQBBAE0AZwBBADUAQQBEAFEAQQBPAEEAQQAzAEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3006	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b20da26e-99f0-4e77-83db-19aa620ceeb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3005	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c08335d9-efb2-45b2-9657-8b86b5d787a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3004	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3003	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3002	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3001	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3000	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2999	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2998	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2997	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67235544-16c8-42f2-8e66-349e2523d7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2996	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b20da26e-99f0-4e77-83db-19aa620ceeb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2995	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2994	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2993	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2992	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2991	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2990	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=923d2247-66ff-4745-95c3-2111679a0c57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2989	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:46 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=b8ffaaab-f6e7-4858-8c4d-377a9e5a2719 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2988	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=b8ffaaab-f6e7-4858-8c4d-377a9e5a2719 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2987	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2986	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2985	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2984	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2983	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2982	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2913fffa-716d-4a0e-96d9-f8fae5ee4a9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADIAMwAuADQAMQAtADIANgA0ADUANAAzADIAMgA5ADQAOAA3ADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2981	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e92c421-a09e-4949-83e6-808737b9e4c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2980	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=050f0c80-b889-49a4-9669-318f938301d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2979	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2978	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2977	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2976	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2975	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2974	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2973	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2972	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c837d8a9-1fcf-4601-b524-bf8ab2b1c0e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2971	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:45 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e92c421-a09e-4949-83e6-808737b9e4c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2970	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2969	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2968	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2967	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2966	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2965	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6416191-fa66-4433-bb51-31fb3541444c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2964	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=da61dffa-4743-4c5d-b4d6-44637d16e54d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2963	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0a5c4328-7eae-4d55-97b4-d1d9340fd88f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2962	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:44 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0a5c4328-7eae-4d55-97b4-d1d9340fd88f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2961	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2960	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2959	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2958	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2957	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2956	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1432a5e4-2ee6-4a0a-b5ac-f65bd3538661 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMgAzAC4ANAAxAC0AMgA2ADQANQA0ADMAMgAyADkANAA4ADcAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2955	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=da61dffa-4743-4c5d-b4d6-44637d16e54d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2954	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2953	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2952	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2951	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2950	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2949	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8176058-6c24-4045-9c34-15b40dcb59d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAGcAQQB6AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAFEAQQBOAFEAQQAwAEEARABNAEEATQBnAEEAeQBBAEQAawBBAE4AQQBBADQAQQBEAGMAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2948	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=ca99f0c6-49f6-4855-a716-ba3579d41e83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2947	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=2c49834d-655f-40ce-bcb2-3b9f862dabc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2946	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=2c49834d-655f-40ce-bcb2-3b9f862dabc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2945	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2944	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2943	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2942	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2941	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2940	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=867aa235-3e4d-4f5b-b5f7-0d6c70fddea1 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2939	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=ca99f0c6-49f6-4855-a716-ba3579d41e83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2938	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2937	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2936	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2935	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2934	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2933	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b4423b23-a0e4-4842-bef0-698e3f4753d3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFkAQQBNAGcAQQB4AEEARABFAEEATwBBAEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAFEAQQBPAEEAQQAwAEEARABVAEEATgBRAEEAegBBAEQATQBBAE0AZwBBAHkAQQBEAEUAQQBNAHcAQQB6AEEARABNAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2932	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=17d3fd52-52f9-4481-8d68-365cfe59c5a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2931	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=460c32e8-eb28-4c20-9786-0029fdcc2e96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2930	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2929	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2928	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2927	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2926	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2925	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2924	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2923	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c6b40885-2ad6-4f72-9db4-4f6cd79d9198 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2922	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=17d3fd52-52f9-4481-8d68-365cfe59c5a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2921	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2920	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2919	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2918	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2917	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2916	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a145bb7e-4aa6-4c26-85ee-a9e43bfa0781 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2915	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a21d9ab5-4ecf-4573-b421-25021dce1479 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2914	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a21d9ab5-4ecf-4573-b421-25021dce1479 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2913	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2912	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2911	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2910	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2909	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2908	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=527c1916-a18d-47f2-86c2-39b8849a7daf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADYAMgAxADEAOAAuADcANQAtADQAOAA0ADUANQAzADMAMgAyADEAMwAzADMAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2907	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:41 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6eebf7a8-be0c-4ca1-8219-cf13bc135e45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2906	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c1d1b23-8712-4966-aa44-f9a0390e8dc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2905	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2904	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2903	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2902	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2901	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2900	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2899	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2898	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=90e8af2b-792c-4a91-b72a-44943e4489aa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2897	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:40 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6eebf7a8-be0c-4ca1-8219-cf13bc135e45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2896	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2895	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2894	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2893	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2892	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2891	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c838982-c65b-46ff-bf8a-fb9b9b963d5b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2890	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=27d8ff82-75a7-46aa-b7bc-53e3739d86b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2889	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=8d30b86c-99ce-4d72-9b3a-ef630b00f8c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2888	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=8d30b86c-99ce-4d72-9b3a-ef630b00f8c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2887	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2886	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2885	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2884	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2883	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2882	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14d7cda5-5707-430b-9ae3-cdf38a67afc5 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANgAyADEAMQA4AC4ANwA1AC0ANAA4ADQANQA1ADMAMwAyADIAMQAzADMAMwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2881	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=27d8ff82-75a7-46aa-b7bc-53e3739d86b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2880	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2879	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2878	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2877	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2876	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2875	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=23efe4d1-c4a3-4030-81e4-1a3d94f78281 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AZwBBAHkAQQBEAEUAQQBNAFEAQQA0AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE4AQQBBADQAQQBEAFEAQQBOAFEAQQAxAEEARABNAEEATQB3AEEAeQBBAEQASQBBAE0AUQBBAHoAQQBEAE0AQQBNAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2874	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:39 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8507d92-3537-49b4-b820-1bf06d6d2ef6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2873	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:36 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dde2be54-7304-4818-b527-00ba6503b9a1 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2872	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:22 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dde2be54-7304-4818-b527-00ba6503b9a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2871	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2870	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2869	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2868	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2867	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2866	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2865	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2864	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84486cef-2313-493d-8793-f257267020a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2863	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8507d92-3537-49b4-b820-1bf06d6d2ef6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2862	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2861	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2860	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2859	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2858	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2857	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e3baf53-e4dc-4386-a417-74e7748ecad8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2856	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/21/2022 12:08:20 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7a819102-e822-4ea8-80c4-96fc23da8641 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2855	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=ba31a34e-0d50-449e-8c31-d8e93e8a6362 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2854	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=ba31a34e-0d50-449e-8c31-d8e93e8a6362 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2853	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2852	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2851	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2850	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2849	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2848	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=152afae6-e8cb-49b5-936a-8e4f2bf1c454 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2847	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27140ade-6883-4e57-b3ff-34af93941e0b PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2846	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27140ade-6883-4e57-b3ff-34af93941e0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2845	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2844	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2843	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2842	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2841	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2840	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2839	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2838	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e48fb212-ad40-4160-9693-caa30537bb25 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2837	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7a819102-e822-4ea8-80c4-96fc23da8641 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2836	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2835	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2834	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2833	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2832	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2831	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32516ca1-557e-4004-b30d-9a74d329e307 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2830	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=339c181e-57e6-44d3-9da6-56b266b4a12e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2829	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=772b769d-09b5-4974-b5b2-93642ca1141f PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2828	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=772b769d-09b5-4974-b5b2-93642ca1141f PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2827	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=772b769d-09b5-4974-b5b2-93642ca1141f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2826	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2825	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2824	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2823	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2822	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2821	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2820	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2819	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4e3de6c4-11b2-4b5d-9420-7ae7e38bab14 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2818	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=339c181e-57e6-44d3-9da6-56b266b4a12e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2817	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2816	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2815	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2814	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2813	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2812	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b44340a1-8ede-46de-9f0f-365ffa65e82e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2811	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=11f7353e-d20f-49c0-ad51-bfce92c22be0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2810	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=a0a0e668-e06c-4be7-8d22-6ad08c4cb9c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2809	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=a0a0e668-e06c-4be7-8d22-6ad08c4cb9c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2808	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2807	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2806	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2805	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2804	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2803	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce3ff749-6675-4b86-83d2-3f51db2df20e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2802	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c52e2a10-c2c1-4415-9185-29035c0b6d88 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2801	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c52e2a10-c2c1-4415-9185-29035c0b6d88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2800	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2799	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2798	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2797	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2796	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2795	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2794	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2793	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=01845008-fd24-4a2b-9415-20b63b0c3538 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2792	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=11f7353e-d20f-49c0-ad51-bfce92c22be0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2791	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2790	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2789	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2788	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2787	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2786	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=220daac4-a897-402c-8680-33fc9a58ce09 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2785	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e4d5f20e-db3a-42b0-88dd-57524cfd479f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2784	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=445fbb86-3a0c-4644-8335-81422c317624 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2783	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=445fbb86-3a0c-4644-8335-81422c317624 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2782	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=445fbb86-3a0c-4644-8335-81422c317624 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2781	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2780	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2779	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2778	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2777	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2776	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2775	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2774	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6c15748a-699d-40ef-b67b-7b5bc2c54d90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2773	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e4d5f20e-db3a-42b0-88dd-57524cfd479f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2772	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2771	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2770	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2769	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2768	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2767	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6395ef0a-8eb5-45c6-89b2-da90b221a90a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2766	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=220056f7-d531-49db-a025-62addb14e50e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2765	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a99cbc1b-67f9-4305-b5ad-97574cd1d30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2764	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a99cbc1b-67f9-4305-b5ad-97574cd1d30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2763	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2762	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2761	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2760	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2759	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2758	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6abf3581-3f0f-4957-984e-048f66f5095a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2757	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=50e85df7-5743-4844-89f7-d11136b469b6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2756	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=50e85df7-5743-4844-89f7-d11136b469b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2755	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2754	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2753	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2752	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2751	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2750	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2749	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2748	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e18ded3a-936c-475c-93d1-f9269b58d22a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2747	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=220056f7-d531-49db-a025-62addb14e50e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2746	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2745	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2744	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2743	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2742	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2741	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb1d371e-c56c-4df6-b4f7-fa6e7bbef3c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2740	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8529c998-ae5c-408f-aefa-de929c0a8ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2739	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27ada101-da86-477a-a061-f6c7b08764c1 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	2738	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27ada101-da86-477a-a061-f6c7b08764c1 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	2737	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27ada101-da86-477a-a061-f6c7b08764c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2736	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2735	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2734	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2733	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2732	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2731	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2730	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2729	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=56012999-1b5a-4683-b089-b7adc59c1f6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2728	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8529c998-ae5c-408f-aefa-de929c0a8ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2727	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2726	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2725	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2724	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2723	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2722	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2439adb6-1811-461f-b0e7-48e0d540434a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2721	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59c6a537-4001-428b-8a3b-0e8671e4717d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2720	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e7ec2be8-c085-4588-8283-a523d68f4d38 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2719	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e7ec2be8-c085-4588-8283-a523d68f4d38 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2718	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2717	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2716	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2715	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2714	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2713	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2712	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2711	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e05741e6-9c63-4cf5-9e84-f5703ec1e4c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2710	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59c6a537-4001-428b-8a3b-0e8671e4717d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2709	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2708	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2707	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2706	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2705	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2704	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbd66103-f3b5-4d61-be3a-a6c14e202ff5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2703	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:13:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=34 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=04bc6aa3-dd71-47e7-a2b4-e956845e5641 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2702	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d8478ef-64bc-4519-8e3d-916895d3cee8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2701	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2700	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2699	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2698	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2697	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2696	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2695	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2694	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fa62224f-77a0-41c5-af8d-c649c8cd1f55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2693	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=04bc6aa3-dd71-47e7-a2b4-e956845e5641 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2692	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2691	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2690	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2689	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2688	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2687	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a149d31-4a8f-46cc-a4fc-1bee1d1c78c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2686	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=34 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fa446770-bf26-4278-a673-933204ce815f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2685	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:12:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=000b49c0-b2ce-4ee2-a5a4-43cf9c019a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2684	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2683	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2682	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2681	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2680	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2679	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2678	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2677	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=37cee77c-acb1-4149-928e-d2965f9b17dc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2676	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fa446770-bf26-4278-a673-933204ce815f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2675	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2674	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2673	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2672	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2671	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2670	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a4fa534-82b7-4472-a04b-55644ac5f9e5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2669	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3da924ae-fe8a-40f4-bd27-f1f933f42595 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2668	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion=5.1.14393.1944 RunspaceId=06f66a23-5e03-44e7-9a1c-4709209d300b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2667	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion=5.1.14393.1944 RunspaceId=06f66a23-5e03-44e7-9a1c-4709209d300b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2666	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2665	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2664	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2663	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2662	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2661	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f3fa8c1f-7300-4640-87cc-2962386458d7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2660	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=78b884ac-5a75-4974-be17-13b8da9ce367 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2659	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=78b884ac-5a75-4974-be17-13b8da9ce367 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2658	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2657	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2656	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2655	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2654	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2653	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2652	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2651	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=81b1a670-6f3d-47c5-9776-d4c9f9194acb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2650	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3da924ae-fe8a-40f4-bd27-f1f933f42595 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2649	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2648	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2647	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2646	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2645	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2644	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94a65a6b-7671-4284-9c00-eefb43c7d35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2643	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d593fe8-0fc1-4ec2-b06c-4f1e6ac93463 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2642	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion=5.1.14393.1944 RunspaceId=41cc48b9-58d3-4615-96f3-3b65e3db0041 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2641	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion=5.1.14393.1944 RunspaceId=41cc48b9-58d3-4615-96f3-3b65e3db0041 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2640	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2639	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2638	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2637	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2636	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2635	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e8c4474-6279-4570-aa4a-b49b226cb108 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2634	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d5134a04-cdb9-457b-ad9c-3004e6bd41ea PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2633	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d5134a04-cdb9-457b-ad9c-3004e6bd41ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2632	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2631	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2630	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2629	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2628	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2627	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2626	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2625	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f243e078-4039-4072-bb2d-fdb2cd48597f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2624	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d593fe8-0fc1-4ec2-b06c-4f1e6ac93463 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2623	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2622	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2621	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2620	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2619	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2618	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f945664b-f0d4-4f6c-9088-347fb908bf60 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2617	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fc251220-da68-43d5-9577-cfb7c481576d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2616	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion=5.1.14393.1944 RunspaceId=54f41d5f-d369-439c-b731-71675ad3736a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2615	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion=5.1.14393.1944 RunspaceId=54f41d5f-d369-439c-b731-71675ad3736a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2614	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2613	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2612	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2611	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2610	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2609	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6666c010-a6d0-4604-841e-ffdabe2194ed HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2608	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=81a370d5-948b-40a1-af70-e50e1c21d0cb PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2607	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=81a370d5-948b-40a1-af70-e50e1c21d0cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2606	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2605	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2604	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2603	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2602	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2601	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2600	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2599	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1bd3ab1-afb5-4d63-8bca-edb211f6123a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2598	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fc251220-da68-43d5-9577-cfb7c481576d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2597	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2596	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2595	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2594	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2593	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2592	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=78ba67be-b32b-468e-ac24-c810317ba441 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2591	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f11b9366-ed99-4abf-92a8-9d63330c535d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2590	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion=5.1.14393.1944 RunspaceId=1c453b0a-8a44-4ddf-be84-217fd1d71f64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2589	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion=5.1.14393.1944 RunspaceId=1c453b0a-8a44-4ddf-be84-217fd1d71f64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2588	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2587	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2586	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2585	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2584	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2583	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b24bf141-6be7-4baa-843e-64787f66cab8 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA0ADUAMAA3AC0ANgAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2582	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=abd2e71c-d328-4f0b-a20a-c7124c386019 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2581	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=abd2e71c-d328-4f0b-a20a-c7124c386019 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2580	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2579	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2578	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2577	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2576	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2575	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2574	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2573	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2bb2a49c-404e-4364-8af9-7a09e25a46b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2572	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f11b9366-ed99-4abf-92a8-9d63330c535d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2571	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2570	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2569	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2568	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2567	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2566	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54240b32-3928-432f-ae69-85e31601f71d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2565	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion=5.1.14393.1944 RunspaceId=8b1db14a-b013-4803-a147-884a88a0a289 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2564	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion=5.1.14393.1944 RunspaceId=8b1db14a-b013-4803-a147-884a88a0a289 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2563	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2562	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2561	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2560	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2559	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2558	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb7152fa-dc89-493b-b5b5-d336793ccd63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2557	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=ddb3104f-a696-4c64-9fe7-8ad63b274533 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2556	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=ddb3104f-a696-4c64-9fe7-8ad63b274533 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2555	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2554	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2553	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2552	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2551	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2550	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94e6f2d8-7e96-48c5-9ae7-6e119d86b83e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2549	PowerShell		Windows PowerShell			n-h1-844507-6.cbci-844507-6.local		7/20/2022 10:11:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=a7bf84b0-5240-485e-8527-6c7d630bd4a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2548	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=a7bf84b0-5240-485e-8527-6c7d630bd4a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2547	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2546	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2545	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2544	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2543	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2542	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d0a51991-f34f-463d-bef6-7ac0813f276f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2541	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion=5.1.14393.1944 RunspaceId=bd58a2be-3dc0-4aa9-9340-d8b7df4f5c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2540	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion=5.1.14393.1944 RunspaceId=bd58a2be-3dc0-4aa9-9340-d8b7df4f5c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2539	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2538	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2537	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2536	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2535	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2534	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88dbe76c-4174-4bcc-9543-4bef358d0555 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2533	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=2256c700-9abf-4bcc-82c4-38641c86072c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2532	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion=5.1.14393.1944 RunspaceId=2256c700-9abf-4bcc-82c4-38641c86072c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2531	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2530	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2529	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2528	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2527	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2526	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2612130-2434-421a-a987-9d0a0990dd2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2525	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ee677b5f-d44b-42d0-b8ff-6ddcd2b7b7d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2524	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=01ab75b6-2844-4a8d-a8c4-3882219b2026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2523	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2522	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2521	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2520	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2519	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2518	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2517	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2516	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9562db6a-06bb-434b-903e-6c9d03066027 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2515	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ee677b5f-d44b-42d0-b8ff-6ddcd2b7b7d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2514	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2513	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2512	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2511	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2510	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2509	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4594c60e-f848-45e1-9a3c-5d92c7100e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2508	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c2fd7ca1-b52d-451b-950f-8dec4e3a0932 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2507	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d8d3fead-a6e4-4811-8d81-6cb1db7d71c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2506	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2505	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2504	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2503	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2502	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2501	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2500	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2499	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9b1e8b00-573f-46a3-a6a4-a2f7052d8841 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2498	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c2fd7ca1-b52d-451b-950f-8dec4e3a0932 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2497	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2496	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2495	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2494	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2493	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2492	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f83d22db-1c71-4a75-81d1-4c940569f93f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2491	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=83761cc9-1036-4181-bc83-8d859b18e0df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2490	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion=5.1.14393.1944 RunspaceId=c0552512-3871-475c-a9e7-3caf5b703f74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2489	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion=5.1.14393.1944 RunspaceId=c0552512-3871-475c-a9e7-3caf5b703f74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2488	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2487	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2486	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2485	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2484	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2483	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d32be6d8-f365-44f3-afc9-5b5045a808c7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2482	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de8fd76c-76a2-4ca1-987c-743676408c99 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2481	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de8fd76c-76a2-4ca1-987c-743676408c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2480	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2479	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2478	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2477	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2476	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2475	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2474	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2473	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85877cb8-d726-4f88-a172-ca7d01a55476 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2472	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=83761cc9-1036-4181-bc83-8d859b18e0df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2471	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2470	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2469	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2468	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2467	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2466	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca7a6b77-cee9-4ac6-b654-f7cd741a1041 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2465	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b932f13-1e1c-452b-96e9-0f03021a89c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2464	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=226d23d4-4459-42e6-9775-be39386ba16d PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2463	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=226d23d4-4459-42e6-9775-be39386ba16d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2462	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2461	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2460	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2459	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2458	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2457	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2456	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2455	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3fcf68c3-7b87-4dab-ac12-a8f03a471fc2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2454	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b932f13-1e1c-452b-96e9-0f03021a89c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2453	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2452	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2451	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2450	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2449	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2448	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=97048789-6ae2-45b1-aa19-10890415d6bf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2447	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 10:10:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e44de7bc-9ba1-4d28-acd1-0f00b8cd4c7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2446	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f2d3fb2-bdb7-4e12-b45e-b7b4938858e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2445	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2444	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2443	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2442	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2441	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2440	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2439	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2438	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5af77aa7-f727-4f1d-bded-f28bef4e2f50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2437	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e44de7bc-9ba1-4d28-acd1-0f00b8cd4c7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2436	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2435	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2434	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2433	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2432	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2431	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed5e2519-0c5c-48d8-a49a-2f6bcba39b9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2430	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=348face4-456f-4387-b1ce-71bdab70155b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2429	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dd77f57a-12ad-401d-8500-3a50188e8673 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2428	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dd77f57a-12ad-401d-8500-3a50188e8673 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2427	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2426	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2425	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2424	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2423	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2422	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a53305d-b250-4579-8876-a358021a1533 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2421	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=348face4-456f-4387-b1ce-71bdab70155b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2420	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2419	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2418	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2417	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2416	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2415	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a69da9-49b5-46c1-8885-d349134f38bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABNAEEATwBBAEEAMABBAEQAVQBBAE0AQQBBADUAQQBEAEUAQQBNAFEAQQA0AEEARABNAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2414	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4e7d93f-64f1-4477-a2f9-ba32fd6dda3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2413	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f064249-0b3a-4c0c-babf-dc4303681b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2412	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2411	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2410	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2409	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2408	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2407	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2406	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2405	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf6f9fb8-6d42-45a8-95d9-7985be8fc090 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2404	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4e7d93f-64f1-4477-a2f9-ba32fd6dda3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2403	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2402	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2401	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2400	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2399	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2398	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1da11b17-08d7-4766-a723-50263aeedf08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2397	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=736f723c-4707-4821-9795-0f1153ad623d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2396	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=736f723c-4707-4821-9795-0f1153ad623d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2395	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2394	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2393	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2392	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2391	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2390	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b9866bb9-a308-41cd-a535-73af59fb757a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADkAMQAuADIAOAAtADEANwA4ADMAOAA0ADUAMAA5ADEAMQA4ADMAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2389	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=17470189-a63c-47f0-ae88-a7e484bb0e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2388	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f1151e85-e352-4912-9b53-0bbaad5f5f4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2387	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f1151e85-e352-4912-9b53-0bbaad5f5f4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2386	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2385	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2384	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2383	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2382	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2381	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e5624db8-9130-42a2-873a-130f276df8eb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAOQAxAC4AMgA4AC0AMQA3ADgAMwA4ADQANQAwADkAMQAxADgAMwA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2380	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=17470189-a63c-47f0-ae88-a7e484bb0e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2379	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2378	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2377	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2376	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2375	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2374	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13aa0696-a744-443d-897a-769e9df60093 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAHcAQQA0AEEARABRAEEATgBRAEEAdwBBAEQAawBBAE0AUQBBAHgAQQBEAGcAQQBNAHcAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2373	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=efd79a73-62cd-4d6e-9c5b-5e81869fe63f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2372	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=97429385-2004-4731-aca4-ff7186648a79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2371	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2370	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2369	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2368	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2367	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2366	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2365	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2364	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589651d0-30f2-46f9-96fd-9cf48b03b7f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2363	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=efd79a73-62cd-4d6e-9c5b-5e81869fe63f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2362	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2361	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2360	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2359	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2358	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2357	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50af0229-a1fa-46d2-b540-67564cbf43d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2356	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=777ad741-6d87-4dce-bd00-8b50d53287d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2355	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=734f4f0f-bb7c-41c2-9c61-f652f61c03b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2354	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=734f4f0f-bb7c-41c2-9c61-f652f61c03b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2353	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2352	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2351	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2350	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2349	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2348	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f25887b-9b60-49ff-92d7-32f4293cabc6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2347	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c6a6c1b9-dbad-4557-8991-1920d781c01b PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2346	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c6a6c1b9-dbad-4557-8991-1920d781c01b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2345	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2344	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2343	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2342	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2341	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2340	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2339	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2338	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f57bc95e-34fc-4370-8845-fad21f5a3d19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2337	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=777ad741-6d87-4dce-bd00-8b50d53287d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2336	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2335	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2334	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2333	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2332	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2331	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2c9602f6-306f-4722-bec3-8713c0432023 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2330	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=007b9f9f-a09a-4ff3-a9c2-55510c1a1962 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2329	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=232c97e8-2953-4a4a-a450-9bce74074f7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2328	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2327	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2326	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2325	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2324	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2323	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2322	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2321	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7600ebfb-7a4b-41ec-86ca-1548f8bc118d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2320	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=007b9f9f-a09a-4ff3-a9c2-55510c1a1962 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2319	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2318	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2317	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2316	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2315	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2314	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3088e78-1f91-4fe1-a0a3-4660735a1975 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2313	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4720c04b-f81c-434b-ab91-7c14b6efd833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2312	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=251d5c6b-1faf-4f91-861a-42c2b0b3648d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2311	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=251d5c6b-1faf-4f91-861a-42c2b0b3648d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2310	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2309	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2308	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2307	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2306	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2305	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=68fac853-3033-474c-8f51-2c89e525f8c9 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2304	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a8ca07bf-8a89-441b-aaf3-1a9766a3e924 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2303	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a8ca07bf-8a89-441b-aaf3-1a9766a3e924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2302	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2301	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2300	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2299	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2298	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2297	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2296	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2295	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ddf17c00-6fbd-4dac-9764-1a4f4ea9e450 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2294	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4720c04b-f81c-434b-ab91-7c14b6efd833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2293	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2292	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2291	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2290	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2289	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2288	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25a8af46-a99c-480b-9a5c-2a2a26cc0833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2287	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=383635cf-5191-4dea-a4c6-f12e79140dcf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2286	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a2206d35-3633-4862-b13e-01f24c3755a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2285	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a2206d35-3633-4862-b13e-01f24c3755a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2284	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2283	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2282	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2281	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2280	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2279	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0441900f-fd39-4054-805f-be9512f32a62 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2278	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=383635cf-5191-4dea-a4c6-f12e79140dcf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2277	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2276	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2275	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2274	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2273	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2272	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd29a105-af08-445b-86dd-40e5574cd07a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABZAEEATgBBAEEAdQBBAEQATQBBAEwAUQBBAHgAQQBEAEEAQQBOAHcAQQB6AEEARABNAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADEAQQBEAE0AQQBOAGcAQQB6AEEARABNAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2271	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5eaaca1e-7d4e-4655-8474-500e9824265b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2270	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0fd6db87-0d19-4561-bd24-f75fc507a1c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2269	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2268	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2267	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2266	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2265	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2264	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2263	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2262	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52f648aa-a0a7-420f-a026-e7332e37ae3a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2261	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5eaaca1e-7d4e-4655-8474-500e9824265b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2260	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2259	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2258	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2257	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2256	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2255	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ca98ae7f-24df-4e03-abde-767fb7e1f1f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2254	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=84988384-8249-469a-85d4-1b7febde99d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2253	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=84988384-8249-469a-85d4-1b7febde99d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2252	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2251	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2250	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2249	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2248	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2247	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6c258cf0-c05c-42d9-9fd6-b451d2889621 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADYANAAuADMALQAxADAANwAzADMAMQA2ADUANQA1ADMANgAzADMAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2246	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=8d4cdf3e-3c42-49dc-b01c-f5bf901d6fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2245	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=74f1fe9b-e848-4c1e-b777-a41a830c3765 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2244	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=74f1fe9b-e848-4c1e-b777-a41a830c3765 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2243	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2242	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2241	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2240	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2239	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2238	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef65a0bc-5432-4621-9e77-bddc05fc82fb HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIANgA0AC4AMwAtADEAMAA3ADMAMwAxADYANQA1ADUAMwA2ADMAMwAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2237	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=8d4cdf3e-3c42-49dc-b01c-f5bf901d6fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2236	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2235	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2234	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2233	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2232	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2231	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dbd12e08-cead-4635-be54-4ec5fd09588d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBOAGcAQQAwAEEAQwA0AEEATQB3AEEAdABBAEQARQBBAE0AQQBBADMAQQBEAE0AQQBNAHcAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAVQBBAE0AdwBBADIAQQBEAE0AQQBNAHcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2230	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3c37e6fb-cd78-4157-ad0b-de4a4bbb2a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2229	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=185f8e1a-0ba7-4b8f-95f0-9ad9d9d9cd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2228	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2227	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2226	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2225	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2224	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2223	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2222	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2221	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=088446c2-2b59-42b0-8c33-eae4402238bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2220	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3c37e6fb-cd78-4157-ad0b-de4a4bbb2a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2219	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2218	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2217	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2216	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2215	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2214	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e25052f-4bba-4b59-9e56-e9ad84d03008 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2213	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d553934-5517-4fae-be40-7e7cc1b215c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2212	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=8714e4c8-9f1a-4494-a383-16b4773ce216 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2211	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=8714e4c8-9f1a-4494-a383-16b4773ce216 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2210	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2209	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2208	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2207	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2206	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2205	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4ec5895f-f63c-4d06-8962-2267dcafdc62 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2204	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1727cabb-baa1-42c2-9ee3-83474f46f6ec PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2203	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1727cabb-baa1-42c2-9ee3-83474f46f6ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2202	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2201	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2200	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2199	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2198	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2197	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2196	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2195	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=33dc9c96-24a5-42c9-b86d-9a4cedc87219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2194	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d553934-5517-4fae-be40-7e7cc1b215c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2193	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2192	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2191	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2190	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2189	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2188	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4cf47948-5eea-4b7f-b39e-a11e2298a736 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2187	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4730e570-cfbc-42a8-ad1f-28b754962279 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2186	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d50eea6-dcd0-4464-ae39-15980ae0f838 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2185	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2184	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2183	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2182	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2181	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2180	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2179	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2178	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aecf2ab5-7da7-41e0-a41e-7dda8a28e6c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2177	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4730e570-cfbc-42a8-ad1f-28b754962279 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2176	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2175	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2174	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2173	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2172	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2171	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=844551c9-9982-4a25-9dc6-fe3ccb3f86e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2170	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b0b7048-9ff5-408a-8169-c5b5fe9166d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2169	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=947f1175-0289-49db-be11-3067252d2f88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2168	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=947f1175-0289-49db-be11-3067252d2f88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2167	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2166	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2165	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2164	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2163	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2162	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=45f4788e-d6cf-43f8-86cc-9ac580889f3c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2161	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3cb30c53-d279-474b-9129-01daefc69e44 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2160	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3cb30c53-d279-474b-9129-01daefc69e44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2159	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2158	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2157	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2156	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2155	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2154	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2153	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2152	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becaaee2-0124-4e46-8f45-14e18229352a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2151	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3b0b7048-9ff5-408a-8169-c5b5fe9166d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2150	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2149	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2148	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2147	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2146	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2145	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2160d114-4298-4cc9-ba9b-1bc864ea9a72 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2144	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=162264cf-1879-4140-ba24-2c84fcb6e1b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2143	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dad22ac6-94eb-440e-9866-3dd60c5b64b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2142	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dad22ac6-94eb-440e-9866-3dd60c5b64b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2141	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2140	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2139	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2138	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2137	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2136	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4d22fc8e-8c78-434f-a49f-813a0deb7c24 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2135	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=162264cf-1879-4140-ba24-2c84fcb6e1b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2134	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2133	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2132	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2131	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2130	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2129	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e60e71-d572-4a7d-8b1d-2398d1f48184 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQAzAEEARABZAEEATwBRAEEAeQBBAEQAVQBBAE8AUQBBADUAQQBEAFEAQQBOAGcAQQAwAEEARABjAEEATQBRAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2128	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27e010aa-8e1e-461c-9712-0f0ea91c88e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2127	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1065d5ad-24e9-4738-a71e-a21be884ed07 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2126	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2125	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2124	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2123	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2122	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2121	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2120	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2119	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7108c47b-d699-4ccf-a238-464f3166afbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2118	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=27e010aa-8e1e-461c-9712-0f0ea91c88e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2117	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2116	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2115	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2114	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2113	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2112	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5d088f2f-634a-4d41-9345-43d5a7e8b47a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2111	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2a1fe096-8985-43b3-98d2-7c640d942dac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2110	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2a1fe096-8985-43b3-98d2-7c640d942dac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2109	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2108	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2107	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2106	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2105	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2104	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79fb8efa-58d2-402c-97fe-0dc08870a2cb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAyADIAMQAuADEAMgAtADEAMAA3ADYAOQAyADUAOQA5ADQANgA0ADcAMQAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2103	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0cd884cd-b76c-4bc5-8d57-215d44e10188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2102	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5690cd45-4757-44d3-8fd6-805fb9d69fed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2101	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5690cd45-4757-44d3-8fd6-805fb9d69fed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2100	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2099	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2098	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2097	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2096	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2095	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=efd25b81-d1bc-4b0c-a8de-adb10508ba01 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADIAMgAxAC4AMQAyAC0AMQAwADcANgA5ADIANQA5ADkANAA2ADQANwAxADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2094	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0cd884cd-b76c-4bc5-8d57-215d44e10188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2093	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2092	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2091	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2090	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2089	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2088	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b88cee4-717a-40ea-b4e0-f99e13f8b0f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAGMAQQBOAGcAQQA1AEEARABJAEEATgBRAEEANQBBAEQAawBBAE4AQQBBADIAQQBEAFEAQQBOAHcAQQB4AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2087	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b6c04a14-47e2-4af5-936b-c748c74c74b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2086	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f3854dbb-cf0c-4c79-9d08-33d67a550670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2085	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2084	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2083	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2082	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2081	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2080	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2079	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2078	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b58db85c-1e62-48ad-ac2b-4bbd4eb17234 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2077	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b6c04a14-47e2-4af5-936b-c748c74c74b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2076	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2075	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2074	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2073	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2072	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2071	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64f8b9bb-5716-4c49-9e5f-1cb2bc1dea1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2070	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=30277fce-44c6-4716-9de6-85f949191bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2069	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=4fab3825-afbc-4051-80fc-8fac2415b6b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2068	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:40:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=4fab3825-afbc-4051-80fc-8fac2415b6b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2067	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2066	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2065	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2064	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2063	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2062	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf0d4365-fffd-4b0e-b78c-19afdae60f00 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2061	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1435aa55-1d79-424a-a80d-76adb16ecdeb PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2060	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1435aa55-1d79-424a-a80d-76adb16ecdeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2059	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2058	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2057	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2056	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2055	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2054	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2053	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2052	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0014555a-a8c4-4180-bf3b-c90eeb4d4cba HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2051	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=30277fce-44c6-4716-9de6-85f949191bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2050	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2049	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2048	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2047	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2046	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2045	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e52a36da-c59d-4988-b8a0-0b563595d4e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2044	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b40526ff-a250-4754-b608-ac0d58eda00d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2043	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=feffd81b-ff28-4f2c-be57-92a693f2d3fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2042	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2041	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2040	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2039	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2038	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2037	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2036	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2035	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=36f96870-c709-4a59-8801-51d65e34e6c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2034	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b40526ff-a250-4754-b608-ac0d58eda00d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2033	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2032	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2031	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2030	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2029	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2028	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaaf7ad7-29b8-4c71-a1f0-7f8b5d02fe92 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2027	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b5bf42a-2f5c-4c17-b49a-a832a066e301 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2026	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3c73c6c5-c7bd-4ade-aa68-d53bdc47876d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2025	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3c73c6c5-c7bd-4ade-aa68-d53bdc47876d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2024	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2023	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2022	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2021	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2020	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2019	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f789cff-0b4c-4fc1-92c4-15ee67e2fda0 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2018	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3caf958d-a1e9-4a2a-a1a2-5c5801ff4376 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2017	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3caf958d-a1e9-4a2a-a1a2-5c5801ff4376 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2016	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2015	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2014	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2013	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2012	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2011	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2010	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2009	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d0570ec-b5c3-4b3a-a7d6-2cdb4d1075cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2008	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b5bf42a-2f5c-4c17-b49a-a832a066e301 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2007	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2006	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2005	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2004	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2003	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2002	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=613e88fa-ad41-49d5-8f67-0d96711fa219 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2001	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=48b1b04e-ed02-4a6d-933b-6687e1fd43e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2000	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c0d085c6-e845-4dcc-8705-14a4af285ce5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1999	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c0d085c6-e845-4dcc-8705-14a4af285ce5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1998	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1997	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1996	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1995	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1994	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1993	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cff84caf-ca5c-49d4-9f4a-7e5e7215bb00 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1992	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=48b1b04e-ed02-4a6d-933b-6687e1fd43e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1991	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1990	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1989	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1988	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1987	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1986	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e931a43-3e8a-46f6-ab6a-938379b31b19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAHcAQQB4AEEARABBAEEATgB3AEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAFUAQQBOAEEAQQAyAEEARABrAEEATQB3AEEAeABBAEQASQBBAE0AUQBBADQAQQBEAEkAQQBOAGcAQQAzAEEARABJAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1985	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3f3f73bd-5127-4c74-be3f-93503bd5fea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1984	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=20593eca-afd8-48ff-bd5d-7bfd8d9afbbf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1983	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1982	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1981	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1980	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1979	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1978	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1977	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1976	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9ffce832-a273-453f-b645-b1bf801a7bb2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1975	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3f3f73bd-5127-4c74-be3f-93503bd5fea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1974	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1973	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1972	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1971	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1970	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1969	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0eb7140c-00fa-4abd-b972-df59d7395304 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1968	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=7e6b0e47-f107-4080-af6f-66e748dbe3af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1967	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=7e6b0e47-f107-4080-af6f-66e748dbe3af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1966	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1965	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1964	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1963	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1962	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1961	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41301d1e-8da2-4e30-9e00-358edde69f11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMwAxADAANwAuADcANwAtADUANAA2ADkAMwAxADIAMQA4ADIANgA3ADIAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1960	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=9f46960e-2f23-451f-8e9d-cb5d59285ced PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1959	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=37581468-5928-4cb1-930e-e13bbb408bb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1958	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=37581468-5928-4cb1-930e-e13bbb408bb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1957	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1956	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1955	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1954	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1953	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1952	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=312bf093-20ab-4836-815d-5ce21826a3e7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAzADEAMAA3AC4ANwA3AC0ANQA0ADYAOQAzADEAMgAxADgAMgA2ADcAMgA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1951	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=9f46960e-2f23-451f-8e9d-cb5d59285ced PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1950	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1949	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1948	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1947	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1946	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1945	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54a21eee-273a-44c9-9f7a-51232ecca564 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHoAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE4AUQBBADAAQQBEAFkAQQBPAFEAQQB6AEEARABFAEEATQBnAEEAeABBAEQAZwBBAE0AZwBBADIAQQBEAGMAQQBNAGcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1944	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=380cf68b-02eb-4ef2-9902-b71668ea9c42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1943	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8d4b1a05-ea52-4d8b-a1e5-7059f88aeac4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1942	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1941	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1940	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1939	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1938	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1937	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1936	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1935	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65a3aa34-fd27-439d-9f5f-79e7821f91a0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1934	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=380cf68b-02eb-4ef2-9902-b71668ea9c42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1933	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1932	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1931	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1930	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1929	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1928	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=036e0c08-f751-4db1-bfbb-0e9b201d35f9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1927	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=36aea145-b0d3-4297-b4ed-6b0253249e2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1926	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=2e955322-11a8-49e3-81ca-c8898808efa7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1925	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:38:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=2e955322-11a8-49e3-81ca-c8898808efa7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1924	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1923	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1922	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1921	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1920	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1919	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=359d229e-b4cd-40ab-91fd-5155d832a2d1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1918	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9b7a782b-715d-42ff-b258-94c6bdcf9b1a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1917	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9b7a782b-715d-42ff-b258-94c6bdcf9b1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1916	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1915	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1914	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1913	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1912	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1911	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1910	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1909	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=53f17e83-6be3-43ae-94dc-263a6b2ba138 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1908	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=36aea145-b0d3-4297-b4ed-6b0253249e2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1907	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1906	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1905	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1904	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1903	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1902	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=67686225-b2f3-4299-87d2-d248a49a4e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1901	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=764007de-fef1-4543-9d21-dfd8cb779e34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1900	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4ae8262-ee70-4f75-ba8d-5f09762b1beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1899	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1898	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1897	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1896	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1895	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1894	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1893	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1892	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f279a732-b190-41ce-9d39-3fefff3578ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1891	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=764007de-fef1-4543-9d21-dfd8cb779e34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1890	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1889	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1888	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1887	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1886	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1885	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cf130044-a69e-4b35-b9de-602b29821cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1884	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d53b23d6-3c46-4b0a-b614-fc5d0f93c6ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1883	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=3626ac52-0912-49a4-9f43-25ade75b7e0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1882	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=3626ac52-0912-49a4-9f43-25ade75b7e0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1881	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1880	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1879	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1878	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1877	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1876	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e646652-f8ce-4cc8-b86a-a48f259a2195 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1875	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40173681-d6e3-4ae2-bcc7-9d198f539c1b PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1874	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40173681-d6e3-4ae2-bcc7-9d198f539c1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1873	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1872	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1871	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1870	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1869	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1868	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1867	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1866	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8634a40d-ffd0-4546-abd9-2a1fc731e403 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1865	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d53b23d6-3c46-4b0a-b614-fc5d0f93c6ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1864	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1863	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1862	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1861	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1860	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1859	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=25e1cc24-4265-431c-a9f2-a2ca753fe364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1858	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=c21f5ab8-e329-4c1e-b5b4-16e2e044dba0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1857	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=432e2b2f-1cfd-4d86-8d12-30c9db1a50bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1856	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=432e2b2f-1cfd-4d86-8d12-30c9db1a50bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1855	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1854	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1853	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1852	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1851	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1850	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0ba146c5-9e85-4eda-9029-94062a2e0117 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1849	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=c21f5ab8-e329-4c1e-b5b4-16e2e044dba0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1848	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1847	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1846	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1845	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1844	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1843	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=10ed386f-3a3f-4693-8597-0e97b966c588 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQA0AEEARABRAEEATQBnAEEAdQBBAEQATQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABVAEEATQBnAEEANABBAEQASQBBAE0AdwBBAHkAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1842	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c76fd2d2-17dd-414c-a23a-a5432a991db4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1841	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6ce80a84-0e92-4f1a-9536-591f753819b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1840	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1839	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1838	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1837	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1836	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1835	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1834	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1833	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ebd771-1c03-41a9-b256-4bedf3017368 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1832	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c76fd2d2-17dd-414c-a23a-a5432a991db4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1831	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1830	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1829	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1828	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1827	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1826	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=afdc0366-ce60-4462-b61c-56dc7fe1830a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1825	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e9e04970-027e-4995-9c44-682990939480 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1824	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e9e04970-027e-4995-9c44-682990939480 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1823	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1822	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1821	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1820	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1819	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1818	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a9c9094-7732-4a9a-916b-a5c00b25b663 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA4ADQAMgAuADMANAAtADEAMAAxADUAMgA4ADIAMwAyADgAOAA5ADUAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1817	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=8372b478-d06b-47a3-9d14-3d2b97dd0a6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1816	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a3ff4a5d-b4de-460f-8242-b89d07ace98f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1815	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=a3ff4a5d-b4de-460f-8242-b89d07ace98f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1814	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1813	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1812	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1811	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1810	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1809	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d1835d6a-6872-4d6b-b141-8d883f401a2c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADgANAAyAC4AMwA0AC0AMQAwADEANQAyADgAMgAzADIAOAA4ADkANQA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1808	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=8372b478-d06b-47a3-9d14-3d2b97dd0a6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1807	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1806	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1805	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1804	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1803	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1802	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba595009-f206-46f9-9ed8-51e83fe0baae HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGcAQQBOAEEAQQB5AEEAQwA0AEEATQB3AEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBOAFEAQQB5AEEARABnAEEATQBnAEEAegBBAEQASQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1801	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=180b887f-5333-4c5a-ac27-96fdf633b7fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1800	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=81b78be1-8207-49b8-821a-a2f96375b28d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1799	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1798	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1797	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1796	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1795	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1794	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1793	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1792	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c5a9b535-8a5d-4ec5-8035-b04b9a628a34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1791	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=180b887f-5333-4c5a-ac27-96fdf633b7fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1790	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1789	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1788	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1787	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1786	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1785	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e8244b8b-8ae8-4902-b582-39743759280f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1784	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90d7ba8a-fb8b-4718-9658-f2a951beef17 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1783	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=08c038f0-6f69-4bea-819b-2533710ecfa0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1782	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:34:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=08c038f0-6f69-4bea-819b-2533710ecfa0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1781	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1780	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1779	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1778	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1777	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1776	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=016e247b-81bb-479d-ad03-c1850508ed3d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1775	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=88e2e9c4-2006-43df-8a29-a55ecdca9505 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1774	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=88e2e9c4-2006-43df-8a29-a55ecdca9505 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1773	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1772	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1771	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1770	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1769	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1768	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1767	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1766	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a727f9c1-a55e-4b8a-a13f-c52f44018a8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1765	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90d7ba8a-fb8b-4718-9658-f2a951beef17 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1764	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1763	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1762	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1761	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1760	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1759	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a66e4c2-4890-4157-a65b-aa40df51ee17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1758	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=03220fe6-fc95-466e-b094-3f5c8b87ac8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1757	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=6d03e0c5-0c7a-4f39-9412-50f5c366e3bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1756	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=6d03e0c5-0c7a-4f39-9412-50f5c366e3bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1755	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1754	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1753	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1752	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1751	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1750	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ee22ea9c-599b-46eb-ae0a-ba120071fdae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1749	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=71ec824c-ee3a-410d-a38b-55e2a70f4edf PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1748	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=71ec824c-ee3a-410d-a38b-55e2a70f4edf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1747	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1746	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1745	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1744	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1743	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1742	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1741	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1740	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d98dc361-06d2-4f4d-b6f7-2f0be4095942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1739	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=03220fe6-fc95-466e-b094-3f5c8b87ac8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1738	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1737	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1736	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1735	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1734	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1733	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa31d038-1a7e-41ff-8e7c-22cb4b4cad08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1732	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d632ca0-57a6-450f-a493-966850784027 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1731	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=5bdf9709-ad32-4129-a4f0-d1541fdb0feb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1730	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:33:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=5bdf9709-ad32-4129-a4f0-d1541fdb0feb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1729	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1728	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1727	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1726	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1725	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1724	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56c52d56-8c39-4bdc-b7e9-eaf0ec08f54e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1723	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dafcf43-30ae-4f74-9b5b-62d2770a4db4 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1722	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dafcf43-30ae-4f74-9b5b-62d2770a4db4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1721	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1720	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1719	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1718	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1717	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1716	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1715	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1714	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc68803b-10a6-4a8e-8e47-abda7c3cfb11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1713	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d632ca0-57a6-450f-a493-966850784027 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1712	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1711	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1710	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1709	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1708	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1707	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb0c94ca-2273-4853-8202-fc59c3ac165c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1706	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cd82a79e-bcb4-4158-ba87-0a336774180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1705	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=12eb0e7e-15d1-489a-a908-271a6b454944 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1704	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=12eb0e7e-15d1-489a-a908-271a6b454944 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1703	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1702	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1701	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1700	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1699	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1698	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ef1317e0-158c-4586-8912-2f189dee0298 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1697	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c6480cf4-4fa5-40f2-97a4-fa6ec20e228f PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1696	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c6480cf4-4fa5-40f2-97a4-fa6ec20e228f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1695	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1694	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1693	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1692	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1691	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1690	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1689	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1688	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7b63cd3e-bb87-474b-835c-ebb01e9d903c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1687	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cd82a79e-bcb4-4158-ba87-0a336774180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1686	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1685	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1684	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1683	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1682	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1681	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=235986c4-ffe6-46f1-80fa-fda1ea18414f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1680	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ddb3e163-8b01-4a3c-88c5-97627023e881 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1679	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion=5.1.14393.1944 RunspaceId=3c4a366f-def1-4fff-91ad-92eac6a2cddb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1678	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion=5.1.14393.1944 RunspaceId=3c4a366f-def1-4fff-91ad-92eac6a2cddb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1677	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1676	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1675	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1674	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1673	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1672	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c343df7a-dbff-4a81-9b6e-6cb75afbcb8f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1671	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fc4159b2-dac1-4617-a460-71b66d615f91 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1670	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fc4159b2-dac1-4617-a460-71b66d615f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1669	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1668	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1667	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1666	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1665	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1664	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1663	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1662	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17ee0da0-605f-49f0-9747-d8dc4252c52f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1661	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ddb3e163-8b01-4a3c-88c5-97627023e881 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1660	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1659	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1658	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1657	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1656	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1655	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1e9b072-3dbe-417b-a831-b41266901eb7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1654	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb0c9a4c-9cbb-4822-8857-0fe497e7df01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1653	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=371f6145-5254-4658-93ef-0a3a5c5e2bef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1652	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=371f6145-5254-4658-93ef-0a3a5c5e2bef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1651	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1650	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1649	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1648	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1647	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1646	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e985ffbb-6c3c-4484-b960-b10abdce5e22 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1645	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb0c9a4c-9cbb-4822-8857-0fe497e7df01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1644	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1643	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1642	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1641	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1640	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1639	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d417882a-fe40-41b7-8e33-788f623ab0c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAzAEEARABRAEEATgBRAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABnAEEATgB3AEEANQBBAEQAYwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQAwAEEARABjAEEATgBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1638	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3e631719-b046-4f70-9be5-3d3370d3fe67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1637	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e2983bb2-61fd-42ca-a7cf-e39ba3aa3ceb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1636	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1635	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1634	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1633	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1632	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1631	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1630	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1629	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d340ecbd-ebcc-4ddb-8082-719dfc5660d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1628	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3e631719-b046-4f70-9be5-3d3370d3fe67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1627	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1626	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1625	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1624	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1623	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1622	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4827b83b-a747-4f71-bdc5-d9b0253596cc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1621	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e84e3536-9ba8-4382-b21a-b856be654104 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1620	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e84e3536-9ba8-4382-b21a-b856be654104 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1619	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1618	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1617	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1616	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1615	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1614	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c437c512-faf7-452b-9bf8-5a83f547be0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA3ADQANQAuADYAMwAtADIAMwA5ADgANwA5ADcAMQAxADQAMAA0ADcANAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1613	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=83cf878b-f9c5-4b18-94b1-ce50f909576a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1612	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=508e710e-b93f-4f6e-bca2-c9cc7abe48af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1611	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=508e710e-b93f-4f6e-bca2-c9cc7abe48af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1610	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1609	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1608	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1607	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1606	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1605	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bb49fcff-c244-43f7-a99d-1868644fb4df HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADcANAA1AC4ANgAzAC0AMgAzADkAOAA3ADkANwAxADEANAAwADQANwA0ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1604	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=83cf878b-f9c5-4b18-94b1-ce50f909576a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1603	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1602	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1601	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1600	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1599	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1598	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9585a1f6-8362-4f84-a693-85bfedc76b81 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAGMAQQBOAEEAQQAxAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAeABBAEQARQBBAE4AQQBBAHcAQQBEAFEAQQBOAHcAQQAwAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1597	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=63a3a5c3-dd03-4481-9462-74df6fa60d11 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1596	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a90173a6-2c99-4414-b619-09bef1b7bfa1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1595	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1594	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1593	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1592	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1591	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1590	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1589	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1588	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cbdf193-0fff-4637-8897-d6b317cd90f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1587	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=63a3a5c3-dd03-4481-9462-74df6fa60d11 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1586	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1585	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1584	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1583	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1582	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1581	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b89a13e-7bac-45e5-9c49-6affc06a50fd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1580	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:32:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e0ad1ce1-0ea9-4ebb-8e3b-1448f8e34197 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1579	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:31:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion=5.1.14393.1944 RunspaceId=7e6ad21d-60a2-4fe4-8d9b-359e79bd7076 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1578	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:31:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion=5.1.14393.1944 RunspaceId=7e6ad21d-60a2-4fe4-8d9b-359e79bd7076 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1577	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1576	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1575	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1574	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1573	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1572	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=072567e9-8922-414a-9ec4-045dd7d565c6 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAxAGIAZQA2ADYAMQA5ADQAMwBlADkAZgA0ADIAZgA2ADgAZAAxAGQAZQAwAGEANQBjAGEANgA0ADMAMwBiAGMAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1571	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0f5f76f9-9a31-4cb2-b3ff-df71b9c5df18 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1570	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0f5f76f9-9a31-4cb2-b3ff-df71b9c5df18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1569	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1568	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1567	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1566	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1565	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1564	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1563	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1562	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e1c16794-e68e-4374-9ad8-8d5bad17a791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1561	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e0ad1ce1-0ea9-4ebb-8e3b-1448f8e34197 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1560	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1559	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1558	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1557	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1556	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1555	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=50872984-afae-4f06-a1c5-2d04c2f17c4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1554	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=296ea668-2069-403e-a966-db5c1885e504 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1553	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=357ae9a4-8c15-4ad1-bcb8-305df499d99e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1552	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=357ae9a4-8c15-4ad1-bcb8-305df499d99e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1551	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1550	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1549	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1548	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1547	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1546	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6feb8f34-4f94-4771-ab46-775bbebb339d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1545	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=296ea668-2069-403e-a966-db5c1885e504 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1544	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1543	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1542	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1541	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1540	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1539	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a358642-bcd0-4afe-9f21-4f9f2a73bfe5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAWQBBAE4AQQBBAHQAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEATQBnAEEANQBBAEQATQBBAE4AdwBBAHgAQQBEAEkAQQBOAFEAQQB6AEEARABjAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1538	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=136a3d24-3575-440c-8455-e830e01ea70d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1537	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd346112-0b8a-48b5-a037-8f132e925230 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1536	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1535	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1534	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1533	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1532	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1531	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1530	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1529	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada1bf4e-1595-419e-9065-fc085041d16f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1528	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=136a3d24-3575-440c-8455-e830e01ea70d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1527	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1526	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1525	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1524	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1523	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1522	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f416ff6e-cf02-4130-a06b-21c534869683 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1521	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=8f47768a-0f9d-4dc7-93a3-bf3a98840b80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1520	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=8f47768a-0f9d-4dc7-93a3-bf3a98840b80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1519	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1518	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1517	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1516	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1515	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1514	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=37fda221-b093-4fb4-bf53-2cc2ad939364 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgA0ADMANwAuADYANAAtADIAMgAzADUAMgA5ADMANwAxADIANQAzADcAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1513	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=61688173-0bff-4399-98c7-69d6539d05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1512	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dd2aa2ac-5c71-4a02-bd2e-841b8c1b1de3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1511	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dd2aa2ac-5c71-4a02-bd2e-841b8c1b1de3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1510	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1509	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1508	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1507	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1506	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1505	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40c7fda7-7f3b-40d4-8a0f-6d693727f94b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADQAMwA3AC4ANgA0AC0AMgAyADMANQAyADkAMwA3ADEAMgA1ADMANwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1504	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=61688173-0bff-4399-98c7-69d6539d05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1503	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1502	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1501	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1500	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1499	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1498	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb46cf82-e7ca-4921-a049-f0cfd206fa2a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBnAEEAMABBAEMAMABBAE0AZwBBAHkAQQBEAE0AQQBOAFEAQQB5AEEARABrAEEATQB3AEEAMwBBAEQARQBBAE0AZwBBADEAQQBEAE0AQQBOAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1497	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c24417a9-93c1-4084-b13f-93f9edcfb9f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1496	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ccac5ed5-1751-43d6-9813-17a03bb69e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1495	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1494	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1493	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1492	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1491	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1490	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1489	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1488	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8cb6594-7976-4b4a-bed2-b3dd3bc19123 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1487	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c24417a9-93c1-4084-b13f-93f9edcfb9f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1486	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1485	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1484	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1483	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1482	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1481	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f5223328-61eb-4aaf-8e3c-d19ded32101b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1480	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=84064ce2-930d-4f49-8770-932ebbc7762e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1479	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4a5e9b17-3869-4f25-b9f6-e153c354f071 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1478	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1477	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1476	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1475	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1474	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1473	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1472	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1471	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f90f25e7-8b8b-462a-bad7-35c08b940725 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1470	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=84064ce2-930d-4f49-8770-932ebbc7762e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1469	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1468	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1467	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1466	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1465	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1464	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11e5f038-0b3f-4ec8-8cf1-0ce162915a91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1463	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=41662867-5607-4f22-b19c-25d37b395e1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1462	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:27:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=139a0ee4-9f77-48a4-8429-e37ae8a52e90 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1461	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=139a0ee4-9f77-48a4-8429-e37ae8a52e90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1460	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1459	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1458	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1457	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1456	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1455	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1454	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1453	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5d360c37-64fc-4de8-8788-bfd22ff1c63b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1452	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=41662867-5607-4f22-b19c-25d37b395e1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1451	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1450	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1449	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1448	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1447	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1446	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bb8c593-34ea-4674-b71b-ef0fef71a881 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1445	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=10cc4cb6-6f9a-4190-9ab4-ae18b5b3d644 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1444	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=45e531da-c168-438e-ac0b-fabc180c1790 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1443	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=45e531da-c168-438e-ac0b-fabc180c1790 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1442	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1441	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1440	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1439	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1438	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1437	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1436	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1435	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=96982164-4086-4db2-a1bc-740f4f322cbd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1434	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=10cc4cb6-6f9a-4190-9ab4-ae18b5b3d644 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1433	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1432	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1431	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1430	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1429	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1428	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16e42f3f-d5af-4975-9571-cc2ea49755d4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1427	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d16c08dc-7d74-413f-848d-000cdf7a7f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1426	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f2eb6122-9935-4b97-9cd6-9d357039e4c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1425	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1424	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1423	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1422	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1421	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1420	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1419	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1418	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2c3c1cb-2072-4b29-bd95-43b2a5ee176e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1417	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d16c08dc-7d74-413f-848d-000cdf7a7f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1416	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1415	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1414	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1413	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1412	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1411	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e908070-7e83-4487-bd74-9e09c5e8c463 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1410	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e8a3978c-2497-449d-971c-000562354bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1409	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=fbb56c52-4889-4d73-b2de-00f5f17f1346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1408	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=fbb56c52-4889-4d73-b2de-00f5f17f1346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1407	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1406	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1405	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1404	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1403	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1402	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7eef8386-b2c5-47e5-9829-42ec0cad9d5a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1401	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f00a6b20-e78f-435f-b69e-a049f5e833c2 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1400	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f00a6b20-e78f-435f-b69e-a049f5e833c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1399	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1398	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1397	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1396	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1395	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1394	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1393	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1392	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7e98fb2-8a4e-49d7-b4fa-60308b065b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1391	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e8a3978c-2497-449d-971c-000562354bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1390	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1389	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1388	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1387	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1386	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1385	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2e7b574-1117-4857-affb-c235e099c7f5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1384	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=106f52fd-56c2-44a2-87e7-c6ac66296c6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1383	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=1834f430-54c3-420d-ae76-7decaed206a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1382	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=1834f430-54c3-420d-ae76-7decaed206a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1381	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1380	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1379	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1378	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1377	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1376	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f8457ff3-0caa-43eb-b266-14c788a1d3c5 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1375	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=391e3319-f7f6-469b-87ad-269b9edc9625 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1374	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=391e3319-f7f6-469b-87ad-269b9edc9625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1373	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1372	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1371	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1370	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1369	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1368	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1367	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1366	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=496a7892-68ce-40e9-b2e4-ae871afed104 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1365	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=106f52fd-56c2-44a2-87e7-c6ac66296c6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1364	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1363	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1362	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1361	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1360	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1359	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=98347b6e-7f17-48be-a5e4-a0be92014250 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1358	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f1431d5-bc53-4f0f-bb0a-e1b8bd53495a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1357	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8654cad-de31-4266-b86e-4280392cbf5a PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1356	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b8654cad-de31-4266-b86e-4280392cbf5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1355	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1354	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1353	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1352	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1351	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1350	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1349	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1348	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4cc854e4-0f13-40d9-bcce-247558aa6fa1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1347	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f1431d5-bc53-4f0f-bb0a-e1b8bd53495a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1346	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1345	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1344	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1343	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1342	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1341	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22064756-b6e1-496f-a46c-91f519ed7c9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1340	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=705c517a-6f4e-4842-b5bf-d6997651fb99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1339	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=82929274-67e6-47ac-8c29-9802d3dae859 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1338	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=82929274-67e6-47ac-8c29-9802d3dae859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1337	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1336	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1335	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1334	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1333	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1332	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1331	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1330	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e381736a-6054-41bc-bab8-35ff59d8db93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1329	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=705c517a-6f4e-4842-b5bf-d6997651fb99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1328	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1327	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1326	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1325	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1324	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1323	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9a687832-3842-40f2-9ccd-68dea578c457 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1322	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=76d88202-bb62-4500-83bf-575f4a8203fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1321	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b0fa9639-e2b3-4a43-92b2-e796e800f032 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1320	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1319	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1318	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1317	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1316	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1315	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1314	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1313	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=408ae0fb-af5e-49d4-8ef4-fc1953821f21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1312	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=76d88202-bb62-4500-83bf-575f4a8203fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1311	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1310	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1309	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1308	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1307	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1306	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=820a9043-9a0b-4295-8ac1-ce6adb727bf0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1305	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0710750f-de1c-488b-ac7d-090ef9bd38f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1304	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=f35ce68f-c114-42a0-adab-c96eb536b14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1303	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=f35ce68f-c114-42a0-adab-c96eb536b14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1302	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1301	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1300	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1299	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1298	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1297	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5cb85345-fc34-47ee-a948-9e204166f19e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1296	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d62250df-d899-4508-b9cd-43e6dd817711 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1295	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d62250df-d899-4508-b9cd-43e6dd817711 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1294	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1293	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1292	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1291	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1290	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1289	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1288	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1287	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a8a3cf3e-02ed-4be3-a757-795867a5cbfc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1286	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0710750f-de1c-488b-ac7d-090ef9bd38f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1285	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1284	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1283	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1282	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1281	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1280	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bacb411e-e7ee-4582-86f9-d4d958dd0302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1279	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3dd81ad-8875-4eb4-8ea6-0f1ad184558a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1278	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5eb19017-a68e-4ce4-9f16-8b732b7fde37 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1277	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5eb19017-a68e-4ce4-9f16-8b732b7fde37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1276	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1275	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1274	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1273	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1272	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1271	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1270	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1269	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ca4e6fbe-e68f-44a3-97f9-651923599571 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1268	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d3dd81ad-8875-4eb4-8ea6-0f1ad184558a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1267	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1266	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1265	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1264	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1263	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1262	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81a82396-46b2-43bd-963e-b7bd1c27785c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1261	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=51a112c6-996c-4c13-b037-ead0dfd388d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1260	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c48298b3-b9d6-471d-8f72-d3f7b6475038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1259	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1258	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1257	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1256	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1255	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1254	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1253	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1252	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=346746d5-fb05-4427-8671-8b8c22c11837 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1251	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=51a112c6-996c-4c13-b037-ead0dfd388d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1250	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1249	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1248	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1247	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1246	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1245	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5a1ae9bd-d28e-4ba8-8dbc-d4f0c3e940b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1244	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=981f910c-0ea3-4fa4-8e61-69b120b5981f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1243	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=61d27a1f-6edd-480d-bc17-71b3ad97edae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1242	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:25:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=61d27a1f-6edd-480d-bc17-71b3ad97edae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1241	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1240	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1239	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1238	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1237	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1236	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4fb852b4-0793-43e1-b43a-7c45cdc3695a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1235	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f0a4719e-a68b-4479-a59d-22feca0c5209 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1234	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f0a4719e-a68b-4479-a59d-22feca0c5209 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1233	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1232	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1231	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1230	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1229	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1228	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1227	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1226	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=82a56b64-ffb3-4284-8de4-db07d1b031b3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1225	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=981f910c-0ea3-4fa4-8e61-69b120b5981f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1224	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1223	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1222	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1221	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1220	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1219	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cca446f-9f87-45bc-b3a3-f0b5d49e1ab9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1218	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b749a934-932f-477f-b158-9c975b36aac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1217	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=30215afe-ee40-4bf7-8ed0-e646d8b648ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1216	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1215	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1214	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1213	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1212	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1211	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1210	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1209	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c95a4bda-0971-4dde-983e-1dbb33edfa1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1208	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b749a934-932f-477f-b158-9c975b36aac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1207	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1206	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1205	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1204	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1203	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1202	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7aad288d-de23-43a4-b290-5932823d8331 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1201	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e071e35c-f056-4a28-aa51-bc5b01a4e6a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1200	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=2c773996-9e22-4a3d-8818-f1dccf771091 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1199	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=2c773996-9e22-4a3d-8818-f1dccf771091 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1198	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1197	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1196	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1195	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1194	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1193	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=87973ac3-eccf-4ec9-8106-799341ea368f HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1192	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=19d307dc-4f21-4e39-8321-7a639d45cbe5 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1191	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=19d307dc-4f21-4e39-8321-7a639d45cbe5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1190	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1189	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1188	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1187	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1186	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1185	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1184	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1183	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=950eb92d-3182-4e6d-a90e-5b57b3b873f8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1182	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e071e35c-f056-4a28-aa51-bc5b01a4e6a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1181	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1180	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1179	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1178	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1177	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1176	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=094d66d1-194f-4947-b4af-f33b2a6e8ff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1175	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=733603d6-d679-4fd3-bb93-9daefa80deb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1174	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=31b03ef5-87ee-4be8-b451-4c7bde552f23 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1173	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=31b03ef5-87ee-4be8-b451-4c7bde552f23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1172	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1171	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1170	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1169	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1168	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1167	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1166	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1165	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c8ef450e-ed1b-44d4-bbb2-b461cc1100e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1164	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:24:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=733603d6-d679-4fd3-bb93-9daefa80deb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1163	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1162	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1161	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1160	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1159	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1158	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01bb3cb2-b145-479d-9fe3-c691469a8f05 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1157	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3fd95488-610f-473c-9ebb-555ab954e58e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1156	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e756070f-cad2-40d2-8f80-f95045158368 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1155	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1154	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1153	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1152	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1151	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1150	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1149	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1148	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f33f2482-dccc-4afd-b1ce-7409fda0e29b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1147	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3fd95488-610f-473c-9ebb-555ab954e58e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1146	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1145	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1144	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1143	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1142	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1141	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=496342e9-c4a5-4230-bdcc-a991834c3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1140	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=9c2fa743-83f3-4438-a523-0f340552c7fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1139	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f5fb72d9-ecbd-4def-9f2f-f43bab3d07cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1138	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f5fb72d9-ecbd-4def-9f2f-f43bab3d07cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1137	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1136	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1135	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1134	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1133	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1132	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=369c9b65-3a31-41f0-bf4c-31e7f54c23ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1131	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=9c2fa743-83f3-4438-a523-0f340552c7fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1130	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1129	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1128	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1127	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1126	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1125	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9cd9f36f-a5cd-415f-955e-bc48062a9988 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABNAEEATQB3AEEAdQBBAEQAYwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAwAEEARABrAEEATQBBAEEAMgBBAEQAVQBBAE0AZwBBAHgAQQBEAGcAQQBNAEEAQQAwAEEARABrAEEATQBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1124	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9ecd46d9-1b2f-4cdf-a7cb-f1a08eeb547f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1123	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5068bbe8-0f02-4322-932f-cacf4a7a3705 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1122	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1121	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1120	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1119	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1118	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1117	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1116	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1115	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d137d6bc-eb71-44bb-833a-c90fc071ec5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1114	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9ecd46d9-1b2f-4cdf-a7cb-f1a08eeb547f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1113	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1112	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1111	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1110	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1109	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1108	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=648d1701-4e24-4849-9ee6-6ff58cc5eb63 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1107	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4d850ff3-964a-42ae-b2e4-4264718e2c73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1106	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4d850ff3-964a-42ae-b2e4-4264718e2c73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1105	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1104	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1103	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1102	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1101	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1100	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4b6741b-f5aa-436f-a9c2-cbf94601bd5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADMAMwAuADcANQAtADIAMQA0ADkAMAA2ADUAMgAxADgAMAA0ADkAMgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1099	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=e080a16c-9744-42a5-95b9-762751183d78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1098	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=77b2136e-1e6a-4670-8995-96d02ba708b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1097	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=77b2136e-1e6a-4670-8995-96d02ba708b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1096	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1095	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1094	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1093	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1092	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1091	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=189f2a70-2ced-4930-b7a4-44703298220e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMwAzAC4ANwA1AC0AMgAxADQAOQAwADYANQAyADEAOAAwADQAOQAyADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1090	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=e080a16c-9744-42a5-95b9-762751183d78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1089	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1088	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1087	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1086	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1085	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1084	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cc0f55f1-3348-449f-be58-af66a25fc006 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAHcAQQB6AEEAQwA0AEEATgB3AEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAFEAQQBPAFEAQQB3AEEARABZAEEATgBRAEEAeQBBAEQARQBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1083	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=badc9a0d-e7c0-42e3-9ee2-107cb2480867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1082	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5cdc59c-505e-441d-97e8-939eebccd40a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1081	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1080	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1079	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1078	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1077	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1076	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1075	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1074	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e3ec5609-623c-4c29-89e2-56bf1eb38359 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1073	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=badc9a0d-e7c0-42e3-9ee2-107cb2480867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1072	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1071	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1070	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1069	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1068	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1067	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e377c611-13ad-4d75-ac11-6921c13f95dd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1066	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2a6942e0-9485-4745-b896-7c4e13bb8268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1065	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion=5.1.14393.1944 RunspaceId=2fddd2f7-37e8-4345-933d-661abd5796d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1064	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion=5.1.14393.1944 RunspaceId=2fddd2f7-37e8-4345-933d-661abd5796d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1063	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1062	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1061	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1060	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1059	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1058	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f52a3175-f38f-4f30-84fe-c946b7d79344 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1057	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5780717c-97e0-45d1-97a8-94500ba9d59d PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1056	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5780717c-97e0-45d1-97a8-94500ba9d59d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1055	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1054	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1053	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1052	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1051	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1050	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1049	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1048	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a1dca21a-e0f8-490f-92ac-9bf71d3f79c7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1047	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2a6942e0-9485-4745-b896-7c4e13bb8268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1046	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1045	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1044	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1043	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1042	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1041	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=de376cc0-f313-4f16-a1b4-11459569e54d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1040	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=0b1a47cf-1144-4516-83d0-e0732a233cc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1039	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d7938d1a-1cca-4d05-82be-5be3e59e5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1038	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d7938d1a-1cca-4d05-82be-5be3e59e5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1037	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1036	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1035	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1034	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1033	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1032	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c958cf50-b4bf-4b7c-a9ab-03a2793702a6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1031	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=0b1a47cf-1144-4516-83d0-e0732a233cc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1030	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1029	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1028	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1027	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1026	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1025	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8ef0bc60-fd35-426d-95ea-7bb52743faf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB5AEEARABBAEEATgB3AEEAdQBBAEQATQBBAEwAUQBBAHkAQQBEAEEAQQBOAHcAQQAyAEEARABFAEEATQBRAEEAeQBBAEQAawBBAE8AQQBBADQAQQBEAFkAQQBNAGcAQQAyAEEARABBAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1024	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=20ac8205-2b3c-455d-b510-eb08456bc828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1023	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cd83f149-75ac-4302-8e6f-907cc4b29c48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1022	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1021	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1020	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1019	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1018	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1017	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1016	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1015	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0d415efc-6b77-4ed3-a2f4-1e8549289a19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1014	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=20ac8205-2b3c-455d-b510-eb08456bc828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1013	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1012	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1011	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1010	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1009	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1008	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=550f2fa1-d5d0-429a-b325-9ac9693a46c3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1007	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=a864b454-9024-4a71-8315-3040b857490a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1006	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=a864b454-9024-4a71-8315-3040b857490a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1005	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1004	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1003	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1002	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1001	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1000	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d211a6e2-9692-4a65-8b1c-590af692b90e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAyADAANwAuADMALQAyADAANwA2ADEAMQAyADkAOAA4ADYAMgA2ADAANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	999	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=981087cd-a485-46d4-934e-802ae811e566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	998	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a47bd52b-3412-4cd9-88bb-da15a7f31906 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	997	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a47bd52b-3412-4cd9-88bb-da15a7f31906 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	996	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	995	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	994	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	993	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	992	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	991	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa5b9f6c-5e54-4c13-bc0d-90eab6a0bb04 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADIAMAA3AC4AMwAtADIAMAA3ADYAMQAxADIAOQA4ADgANgAyADYAMAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	990	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=981087cd-a485-46d4-934e-802ae811e566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	989	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	988	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	987	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	986	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	985	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	984	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b8a2169-0215-45b3-8b42-d9fa518b9aac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQB3AEEAdABBAEQASQBBAE0AQQBBADMAQQBEAFkAQQBNAFEAQQB4AEEARABJAEEATwBRAEEANABBAEQAZwBBAE4AZwBBAHkAQQBEAFkAQQBNAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	983	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=35d221a4-96c2-4904-af30-79d9430e77e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	982	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c0b2d561-d149-4900-a802-eb887bd4aa1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	981	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	980	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	979	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	978	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	977	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	976	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	975	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	974	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a849e943-27c8-45f2-929c-0858bd9bb6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	973	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=35d221a4-96c2-4904-af30-79d9430e77e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	972	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	971	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	970	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	969	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	968	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	967	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88224f48-41a6-4dd0-a1f4-efa1ad3580da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	966	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1a1fa4d4-8c60-47ca-91ed-1a0a52561163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	965	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=41b25f1f-4bf8-4711-94ff-e1a4d827a369 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	964	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=41b25f1f-4bf8-4711-94ff-e1a4d827a369 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	963	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	962	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	961	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	960	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	959	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	958	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	957	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	956	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=150151f2-17fb-4013-8c20-ff7212078e12 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	955	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1a1fa4d4-8c60-47ca-91ed-1a0a52561163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	954	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	953	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	952	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	951	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	950	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	949	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6377b7ad-c62c-49bc-b7cf-6c24d7007889 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	948	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=904f4364-7477-4aca-946a-f81c52ba6394 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	947	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=179b86a1-6408-4275-ac6a-8441487c89d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	946	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	945	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	944	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	943	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	942	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	941	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	940	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	939	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8a14bd40-87f7-4547-8a12-b238b36a29c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	938	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=904f4364-7477-4aca-946a-f81c52ba6394 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	937	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	936	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	935	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	934	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	933	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	932	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52d46203-97c2-4e42-bbb0-4c5b702d678c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	931	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fa4ea257-4901-491c-9952-923a55253538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	930	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:23:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9771608c-0227-4e4e-b855-403cd3aa431b PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	929	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9771608c-0227-4e4e-b855-403cd3aa431b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	928	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	927	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	926	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	925	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	924	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	923	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	922	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	921	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa0afcfa-3fb1-41de-9346-692e8623cf8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	920	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fa4ea257-4901-491c-9952-923a55253538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	919	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	918	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	917	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	916	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	915	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	914	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c684a38e-27c6-4c00-916a-46f6702ba935 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	913	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7bc7b21d-3f5c-4a2a-b61a-8af1e221fb6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	912	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2505b21d-7f2a-4193-b2a7-c0279239992c PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	911	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2505b21d-7f2a-4193-b2a7-c0279239992c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	910	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	909	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	908	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	907	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	906	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	905	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	904	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	903	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3905a89-ddc8-44e0-9a5b-ee799c59b788 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	902	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7bc7b21d-3f5c-4a2a-b61a-8af1e221fb6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	901	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	900	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	899	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	898	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	897	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	896	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2a6c24-7687-49eb-acee-699667dd609d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	895	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=87431327-0ce9-497c-9636-84d710d7acee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	894	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=50836c96-9b7a-43f1-a739-17a837bfad81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	893	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	892	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	891	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	890	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	889	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	888	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	887	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	886	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee8c7d8f-190b-4571-ae31-20c673861960 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	885	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=87431327-0ce9-497c-9636-84d710d7acee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	884	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	883	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	882	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	881	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	880	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	879	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30ec76e9-1c2e-4fed-9e7f-f211c05f8f67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	878	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90413479-13f7-4d33-8672-87a4f428c1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	877	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d47712c8-2146-4205-af74-60767cf879fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	876	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	875	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	874	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	873	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	872	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	871	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	870	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	869	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ecf85b0-18d4-4ff6-b0df-3f90259d9e8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	868	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=90413479-13f7-4d33-8672-87a4f428c1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	867	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	866	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	865	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	864	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	863	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	862	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=760748be-c7f0-46a4-bb1f-62deaf672339 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	861	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=212715ff-f4da-44c8-8592-b7306b3ea9ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	860	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dd8749c-869c-432c-a85c-248d18dadecf PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	859	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dd8749c-869c-432c-a85c-248d18dadecf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	858	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	857	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	856	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	855	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	854	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	853	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	852	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	851	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d11f7863-19c3-44b6-ac2c-074f9b5f910d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	850	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=212715ff-f4da-44c8-8592-b7306b3ea9ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	849	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	848	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	847	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	846	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	845	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	844	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=02f39a39-2378-4119-9fac-efecb56db340 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	843	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a83b965a-2ac4-4a42-9f3d-192007587df0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	842	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=72ab7841-9f2e-4e57-9445-8c1314160dd4 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	841	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=72ab7841-9f2e-4e57-9445-8c1314160dd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	840	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	839	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	838	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	837	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	836	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	835	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	834	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	833	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9d635ad9-cf2f-4dee-b1e0-ddb65fb89629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	832	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a83b965a-2ac4-4a42-9f3d-192007587df0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	831	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	830	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	829	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	828	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	827	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	826	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c93a291a-e105-4ca7-aa9d-eef1036e664e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	825	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f346902e-28a9-471d-98c9-303cf47f2ca9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	824	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9dded98d-8eff-42da-a824-10393791c6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	823	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	822	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	821	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	820	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	819	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	818	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	817	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	816	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=144bc9da-ec81-49c0-aa4c-5117c6b40627 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	815	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f346902e-28a9-471d-98c9-303cf47f2ca9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	814	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	813	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	812	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	811	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	810	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	809	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58ad7ba9-0e33-464c-994a-fdb3f233d85b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	808	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=26888086-79dd-42ce-ad29-3b1f15e2eb36 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	807	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=b0065805-f29d-4274-b49d-86c0e5e25977 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	806	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=b0065805-f29d-4274-b49d-86c0e5e25977 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	805	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	804	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	803	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	802	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	801	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	800	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51607186-e0e9-4a71-80d0-72e25c72aa53 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	799	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=26888086-79dd-42ce-ad29-3b1f15e2eb36 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	798	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	797	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	796	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	795	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	794	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	793	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f314ff-96a6-41c9-9062-4934d6773010 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABRAEEATQBBAEEAMABBAEQAVQBBAE4AZwBBAHoAQQBEAEUAQQBPAEEAQQAzAEEARABVAEEATQBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	792	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=642adc61-2e75-479e-a8db-1ec1c37c0fe5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	791	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7eb0254e-0cd3-48b6-a291-0d060cde3603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	790	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	789	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	788	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	787	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	786	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	785	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	784	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	783	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=411fab0e-726a-443f-842f-80d4f123254d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	782	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=642adc61-2e75-479e-a8db-1ec1c37c0fe5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	781	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	780	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	779	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	778	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	777	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	776	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=808f1a06-4321-4460-a4ef-927963e8e629 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	775	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=498c3016-972c-42dd-8c81-edbffed2b11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	774	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=498c3016-972c-42dd-8c81-edbffed2b11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	773	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	772	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	771	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	770	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	769	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	768	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616a47e-0cf6-4c00-b9fb-d542ab2cfa62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIANgAuADMANwAtADEAMQA1ADQAMAA0ADUANgAzADEAOAA3ADUAMAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	767	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4a857870-0fa5-48b5-8ec9-c025dabc4078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	766	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3feb5900-6a9c-42d7-b8e1-b0a413e43dd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	765	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	764	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	763	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	762	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	761	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	760	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	759	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	758	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=be8eb6aa-6142-4148-805c-2bbce2079285 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	757	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4a857870-0fa5-48b5-8ec9-c025dabc4078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	756	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	755	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	754	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	753	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	752	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	751	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d8b4e23c-2536-431b-ac46-cef49dc2e643 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	750	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0019af3a-b082-4cd4-a5c6-fbe988d0300f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	749	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=ab99c3b9-7e49-40bc-a071-b73fb629745b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	748	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=ab99c3b9-7e49-40bc-a071-b73fb629745b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	747	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	746	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	745	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	744	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	743	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	742	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53824dd1-a532-4a34-b8c5-16d29bbe3db8 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgA2AC4AMwA3AC0AMQAxADUANAAwADQANQA2ADMAMQA4ADcANQAwADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	741	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0019af3a-b082-4cd4-a5c6-fbe988d0300f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	740	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	739	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	738	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	737	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	736	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	735	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ce60c60c-9f10-4b43-992a-7a008096aa64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBOAEEAQQB3AEEARABRAEEATgBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAGMAQQBOAFEAQQB3AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	734	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=0b721ff9-3605-4f0f-946c-79548bc64e0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	733	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5502783f-6eda-4215-8ca3-7ef201c6bd8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	732	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5502783f-6eda-4215-8ca3-7ef201c6bd8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	731	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	730	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	729	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	728	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	727	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	726	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cddbcdf-ac04-4987-aac7-2b20529ad12e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	725	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=0b721ff9-3605-4f0f-946c-79548bc64e0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	724	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	723	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	722	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	721	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	720	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	719	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=143f51f3-5740-4993-af01-b4fe83f5e369 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABJAEEATQBRAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABJAEEATwBBAEEAMwBBAEQAVQBBAE0AQQBBADUAQQBEAGsAQQBNAGcAQQAyAEEARABZAEEATQB3AEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	718	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ea2dd1e-7eca-4f8e-8dbb-db79adb50326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	717	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d5ebb290-9e43-4ce7-b1f6-4b82d8139c79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	716	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	715	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	714	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	713	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	712	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	711	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	710	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	709	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ac9834e-b43c-445c-8414-e82289e8eed2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	708	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ea2dd1e-7eca-4f8e-8dbb-db79adb50326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	707	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	706	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	705	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	704	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	703	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	702	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b6cc233-eb40-4529-b0db-485ee8d14a11 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	701	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a94e4fad-83c4-487b-a3e6-0d1de7984ef6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	700	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a94e4fad-83c4-487b-a3e6-0d1de7984ef6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	699	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	698	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	697	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	696	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	695	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	694	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9c864d0-5807-451a-997e-c0be11b271d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADIAMQAuADMANQAtADIAMAA3ADIAOAA3ADUAMAA5ADkAMgA2ADYAMwAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	693	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=92eb2051-2c98-4bd2-9537-82ed26979dc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	692	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=429a41a0-7b8c-4d5b-99ba-8a326a4ce174 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	691	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	690	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	689	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	688	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	687	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	686	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	685	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	684	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6a5dc38a-7250-4d16-8451-e3d97d945e35 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	683	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=92eb2051-2c98-4bd2-9537-82ed26979dc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	682	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	681	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	680	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	679	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	678	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	677	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a9cacee8-914e-41e4-aaae-eddf1c08d52e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	676	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=6feed0b5-40f7-43f5-a7b5-59c6f681762e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	675	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dff253b7-f45c-4e83-92dc-f9899308f07f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	674	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dff253b7-f45c-4e83-92dc-f9899308f07f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	673	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	672	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	671	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	670	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	669	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	668	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eccea334-edd9-4db4-b783-07bbbad0098c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMgAxAC4AMwA1AC0AMgAwADcAMgA4ADcANQAwADkAOQAyADYANgAzADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	667	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=6feed0b5-40f7-43f5-a7b5-59c6f681762e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	666	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	665	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	664	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	663	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	662	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	661	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6184cfcc-2cbe-4ba3-a06b-b2731a063d4a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBNAGcAQQA0AEEARABjAEEATgBRAEEAdwBBAEQAawBBAE8AUQBBAHkAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	660	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=401d1729-c44b-4f07-8ceb-d4ee3f166d2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	659	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0ec72826-8a78-4499-8d81-c0386774de2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	658	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0ec72826-8a78-4499-8d81-c0386774de2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	657	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	656	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	655	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	654	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	653	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	652	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6797df24-327e-4a02-b71f-a21b93ef4e82 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	651	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=401d1729-c44b-4f07-8ceb-d4ee3f166d2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	650	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	649	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	648	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	647	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	646	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	645	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=db085bd9-cffe-404e-a70c-61e639ef4518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE8AQQBBAHoAQQBEAFUAQQBNAGcAQQB4AEEARABFAEEATgBnAEEAdQBBAEQAYwBBAE0AZwBBAHQAQQBEAEkAQQBNAHcAQQB5AEEARABFAEEATwBRAEEANQBBAEQATQBBAE8AUQBBAHkAQQBEAE0AQQBPAEEAQQAwAEEARABZAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	644	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b03e8db8-5f60-4231-9aeb-52139664fea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	643	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c69a82a-dcfe-4836-b69b-7c02720e5aa4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	642	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	641	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	640	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	639	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	638	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	637	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	636	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	635	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=35eb7d80-215c-41b8-a11d-06c4c9c9aad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	634	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:22:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b03e8db8-5f60-4231-9aeb-52139664fea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	633	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	632	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	631	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	630	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	629	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	628	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e707f08c-a322-46d7-ad95-b36d830d3445 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	627	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=ff2a33ee-f784-4898-8b6b-f81213f86958 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	626	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=ff2a33ee-f784-4898-8b6b-f81213f86958 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	625	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	624	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	623	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	622	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	621	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	620	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52439a71-3b5e-43aa-b09a-9b6360a4a3ab HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUAOAAzADUAMgAxADEANgAuADcAMgAtADIAMwAyADEAOQA5ADMAOQAyADMAOAA0ADYAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	619	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7a3f518e-2eae-4dc7-b735-7e976ec49d49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	618	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7947a4a7-c28c-444c-b424-6ecc7dc04cb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	617	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	616	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	615	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	614	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	613	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	612	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	611	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	610	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cfa94b0a-15dc-4128-a6d5-e3254930a0cd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	609	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7a3f518e-2eae-4dc7-b735-7e976ec49d49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	608	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	607	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	606	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	605	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	604	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	603	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a520c910-177d-4dc7-abca-cde8dfcbd188 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	602	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0ec42ecd-233e-4ce4-9b90-58797fec9006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	601	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0603a6f7-3441-4230-a8b7-073eed2fd6ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	600	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=0603a6f7-3441-4230-a8b7-073eed2fd6ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	599	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	598	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	597	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	596	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	595	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	594	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d3ab755-283b-422a-b311-246b117c817d HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA4ADMANQAyADEAMQA2AC4ANwAyAC0AMgAzADIAMQA5ADkAMwA5ADIAMwA4ADQANgAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	593	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=0ec42ecd-233e-4ce4-9b90-58797fec9006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	592	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	591	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	590	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	589	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	588	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	587	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a4043abf-8b4b-474d-b15a-4222ea46e5f0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEANABBAEQATQBBAE4AUQBBAHkAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMAMABBAE0AZwBBAHoAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATQB3AEEANQBBAEQASQBBAE0AdwBBADQAQQBEAFEAQQBOAGcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	586	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=01ca5289-d0ff-4c19-be4d-bdea70e06d2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	585	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cdeb03bf-54b2-4efa-82de-997a5802ef5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	584	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	583	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	582	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	581	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	580	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	579	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	578	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	577	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=183b6af0-1b27-432a-be5f-41d224aff1ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	576	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=01ca5289-d0ff-4c19-be4d-bdea70e06d2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	575	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	574	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	573	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	572	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	571	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	570	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6a2f7c13-dbf4-46ee-bc0a-a3a79a80542f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	569	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d0dbb65-398e-4eb6-9b24-ed961e3994fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	568	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a3b3a53a-24d7-4d25-b06b-96d23e5f2248 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	567	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	566	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	565	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	564	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	563	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	562	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	561	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	560	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=85efc76b-b649-405e-a5e1-41ddc8bacc3d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	559	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d0dbb65-398e-4eb6-9b24-ed961e3994fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	558	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	557	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	556	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	555	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	554	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	553	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e955f7f6-3fbf-40d4-9ff4-cf13b792d7be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	552	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=259a51fd-7bbd-4e5d-93d6-264c39fb558c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	551	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=663bdd6a-4064-4ca1-b99a-5002aa448601 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	550	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=663bdd6a-4064-4ca1-b99a-5002aa448601 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	549	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	548	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	547	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	546	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	545	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	544	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	543	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	542	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=54519383-67c8-4f8b-b4cf-6ce1ef058e93 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	541	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=259a51fd-7bbd-4e5d-93d6-264c39fb558c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	540	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	539	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	538	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	537	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	536	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	535	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7dcd2cce-937e-41df-b255-66b01ffd9cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	534	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dce1c836-adcc-43d2-a2fb-0c96afb7317a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	533	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ffca3e7f-2cf2-4b2b-90b8-355a2fba3d0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	532	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	531	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	530	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	529	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	528	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	527	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	526	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	525	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=65d91a5a-8335-40ca-9a1f-decca9d1dccb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	524	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dce1c836-adcc-43d2-a2fb-0c96afb7317a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	523	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	522	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	521	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	520	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	519	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	518	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=403d8c08-58b9-4647-8de2-71723e8be616 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	517	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd6e3e46-5890-49f7-ae50-d0d5965dd17d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	516	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=965855dc-6374-4c43-ba83-fd4c41158381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	515	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	514	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	513	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	512	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	511	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	510	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	509	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	508	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=108c564c-8e34-4cdd-bcef-6b3280a23e24 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	507	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd6e3e46-5890-49f7-ae50-d0d5965dd17d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	506	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	505	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	504	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	503	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	502	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	501	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3a19dcb2-e794-4824-9b09-89f5337f0a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	500	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=eee731dd-ab9d-4a4a-86da-d5d2e1e2a37e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	499	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0a95e063-e568-497b-ae40-56bc6e7bff22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	498	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	497	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	496	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	495	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	494	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	493	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	492	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	491	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a03fba3b-f424-4209-a349-a16f45039b94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	490	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=eee731dd-ab9d-4a4a-86da-d5d2e1e2a37e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	489	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	488	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	487	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	486	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	485	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	484	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1989957c-563e-4e09-844c-c5037d657a85 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	483	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d6fc7a7-23c0-47cf-b8ba-556832d548c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	482	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0d95578e-0781-4939-b044-fe0e40778756 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	481	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	480	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	479	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	478	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	477	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	476	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	475	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	474	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c292b224-76e7-4fff-9ace-4b0983454954 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	473	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d6fc7a7-23c0-47cf-b8ba-556832d548c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	472	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	471	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	470	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	469	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	468	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	467	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6c5b450-d914-48b9-ad2d-d0a95d4150e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	466	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=15b26377-6de7-4b29-b4f3-87d26d3e59e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	465	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dded9fbd-d4d4-468e-bc9d-a121b9bd8ffd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	464	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	463	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	462	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	461	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	460	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	459	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	458	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	457	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e2a788c8-3991-4d74-849f-ba3885610357 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	456	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=15b26377-6de7-4b29-b4f3-87d26d3e59e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	455	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	454	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	453	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	452	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	451	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	450	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77029eb3-3466-4ea5-831e-01e2de54cf6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	449	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40892cf0-644d-4b1b-837b-09ac6388ed27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	448	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f69d8c56-6250-4198-9754-970fd9a6b3fd PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	447	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f69d8c56-6250-4198-9754-970fd9a6b3fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	446	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	445	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	444	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	443	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	442	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	441	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	440	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	439	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5ab2f696-2cbd-4daf-b1b5-1729609333cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	438	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40892cf0-644d-4b1b-837b-09ac6388ed27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	437	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	436	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	435	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	434	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	433	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	432	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eac46371-0e1e-485e-a9a5-7a5440bfdc08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	431	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5dca0be-7d77-4bd2-9de7-7f3f8e118b4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	430	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=648a5006-759b-4e3a-aa4d-89f8ea9233c2 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	429	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=648a5006-759b-4e3a-aa4d-89f8ea9233c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	428	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	427	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	426	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	425	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	424	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	423	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	422	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	421	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f42308f-d331-4767-b936-1214e5e4276d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	420	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5dca0be-7d77-4bd2-9de7-7f3f8e118b4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	419	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	418	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	417	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	416	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	415	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	414	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=22b07175-a421-4d8b-84f4-4a134141d4bc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	413	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=553ada16-b460-4ca4-9cfa-8e89441c886f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	412	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3fb422f4-6a65-4bc0-9c8a-bb3715651875 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	411	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3fb422f4-6a65-4bc0-9c8a-bb3715651875 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	410	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	409	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	408	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	407	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	406	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	405	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	404	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	403	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2c99dce2-4e52-4636-b49b-851816ff51b9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	402	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=553ada16-b460-4ca4-9cfa-8e89441c886f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	401	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	400	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	399	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	398	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	397	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	396	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c28a631d-07ea-4460-9203-ef76681cf708 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	395	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d6e1dc4c-f073-4b71-8339-c9c4a4d6d989 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	394	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d2afd097-673d-474e-9c30-7f403d58bacc PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	393	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d2afd097-673d-474e-9c30-7f403d58bacc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	392	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	391	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	390	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	389	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	388	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	387	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	386	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	385	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dfb8bdc5-52a3-4b0f-86d8-947dc67e5af0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	384	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d6e1dc4c-f073-4b71-8339-c9c4a4d6d989 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	383	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	382	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	381	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	380	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	379	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	378	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d600a13-6755-447e-9783-4e657c1cb6be HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	377	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d58d1064-ef5f-46ee-b8dc-a80f4f7fd951 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	376	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fb549127-8ccd-4706-9625-615e24100170 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	375	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fb549127-8ccd-4706-9625-615e24100170 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	374	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	373	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	372	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	371	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	370	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	369	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	368	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	367	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4635a87d-b2c6-419c-bfe5-035e133bf942 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	366	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d58d1064-ef5f-46ee-b8dc-a80f4f7fd951 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	365	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	364	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	363	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	362	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	361	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	360	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=35d2f00c-bc70-43b0-ae10-f111ca671554 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	359	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=44f287da-7129-477c-a8e2-717df25f4793 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	358	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5322d0e4-1880-432b-b504-806cade70db0 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	357	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5322d0e4-1880-432b-b504-806cade70db0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	356	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	355	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	354	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	353	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	352	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	351	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	350	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	349	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=09976427-71a6-4edd-bbd5-2cea069cfca6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	348	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=44f287da-7129-477c-a8e2-717df25f4793 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	347	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	346	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	345	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	344	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	343	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	342	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c066c497-28d1-430f-86a5-22534c503ca4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	341	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=07aa72c9-4e37-42a7-81f6-eb9ef66689be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	340	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=74a24805-0dbd-4278-b353-605abd28cd0f PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	339	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=74a24805-0dbd-4278-b353-605abd28cd0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	338	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	337	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	336	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	335	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	334	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	333	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	332	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	331	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9fc48ebe-b729-45b4-b3c7-e20d20fb26c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	330	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=07aa72c9-4e37-42a7-81f6-eb9ef66689be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	329	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	328	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	327	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	326	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	325	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	324	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=558ad913-bd46-44b0-9073-aee6e403032e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	323	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a24db95f-d109-455b-8fa1-40f487b7cdcf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	322	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ce0a703-1099-435b-abd0-422c64dea445 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	321	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ce0a703-1099-435b-abd0-422c64dea445 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	320	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	319	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	318	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	317	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	316	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	315	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	314	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	313	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=665a544f-d3b1-4ca2-a68d-ba2a011ec72d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	312	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a24db95f-d109-455b-8fa1-40f487b7cdcf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	311	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	310	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	309	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	308	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	307	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	306	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0714de3-e1ec-4ea9-bdff-34077de54578 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	305	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2c3b56c1-14b9-46d8-b0cf-74c911f19a9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	304	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6c0b2159-4507-4d8a-8a52-16b8b95d55b7 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	303	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6c0b2159-4507-4d8a-8a52-16b8b95d55b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	302	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	301	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	300	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	299	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	298	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	297	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	296	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	295	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9be9aea3-a41a-4f9a-8d37-d03a2f43a091 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	294	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2c3b56c1-14b9-46d8-b0cf-74c911f19a9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	293	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	292	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	291	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	290	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	289	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	288	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7b892af8-e821-402a-8d06-885a5d0cfa4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	287	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40120a94-15e1-4350-acf5-80d8cc971181 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	286	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ddd24e4-a414-4b91-a59f-f05501022895 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	285	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ddd24e4-a414-4b91-a59f-f05501022895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	284	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	283	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	282	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	281	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	280	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	279	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	278	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	277	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d4f54de4-80ac-4595-9988-4aa6ea9d8786 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	276	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40120a94-15e1-4350-acf5-80d8cc971181 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	275	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	274	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	273	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	272	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	271	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	270	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c7a4a46-8514-4d97-9a1f-bc58743d145b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	269	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7df4f816-9bd8-4325-9382-4d712795f8be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	268	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d8ccc96-12d3-4675-9988-bcb034507adc PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	267	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7d8ccc96-12d3-4675-9988-bcb034507adc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	266	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	265	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	264	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	263	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	262	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	261	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	260	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	259	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8615f6b3-36f1-41b8-85eb-859a3501c257 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	258	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7df4f816-9bd8-4325-9382-4d712795f8be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	257	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	256	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	255	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	254	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	253	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	252	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d5feb0a-e8cc-4055-ba58-49934593db56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	251	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c487f401-49c2-47d8-841c-27d5a55d00b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	250	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2fb03b66-384f-42c3-b9e6-093fd300db25 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	249	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2fb03b66-384f-42c3-b9e6-093fd300db25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	248	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	247	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	246	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	245	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	244	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	243	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	242	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	241	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=47dc37dd-5bc2-4d95-a0cb-ef564c23d733 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	240	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c487f401-49c2-47d8-841c-27d5a55d00b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	239	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	238	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	237	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	236	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	235	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	234	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1ee499e3-0048-4a54-aa39-f71e0eebf263 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	233	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9a32a2b4-c050-4781-9ab8-1b594cb34288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	232	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=f4215496-2c1a-43cf-bd47-cad64ab64f0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	231	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=f4215496-2c1a-43cf-bd47-cad64ab64f0e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	230	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	229	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	228	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	227	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	226	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	225	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e258ca7-6fcb-4a8d-a68c-e40db94326f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	224	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6613880f-2848-44a8-82d7-6d12aeb90ff6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	223	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6613880f-2848-44a8-82d7-6d12aeb90ff6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	222	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	221	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	220	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	219	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	218	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	217	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	216	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	215	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=305f65a7-b4bf-418a-be7b-cd18f10a99b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	214	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9a32a2b4-c050-4781-9ab8-1b594cb34288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	213	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	212	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	211	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	210	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	209	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	208	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed24b766-04f0-4f71-ae79-dac889d1d531 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	207	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bda71580-1dc4-4372-b1d1-e4cfe439d1d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	206	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3169e2ba-c3e1-477c-ac46-359dc39af73f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	205	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	204	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	203	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	202	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	201	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	200	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	199	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	198	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3716f64-c321-4cc6-bb59-dc8707ddb1e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	197	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:21:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bda71580-1dc4-4372-b1d1-e4cfe439d1d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	196	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	195	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	194	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	193	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	192	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	191	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e6bcba57-386c-4cf1-8982-5d6df6767390 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	190	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=16c0e403-33bc-49b3-93b7-7d4105a2aefa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	189	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=N-H1-844507-6\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4860c98-ff39-47e8-bac5-34441f520d2b PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	188	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4860c98-ff39-47e8-bac5-34441f520d2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	187	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	186	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	185	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	184	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	183	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	182	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	181	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	180	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e29cac5-4c5e-4624-8edf-d8a5249a1e4c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	179	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=16c0e403-33bc-49b3-93b7-7d4105a2aefa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	178	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	177	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	176	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	175	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	174	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	173	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ca1ea19-508f-43ba-820a-69ac9309c5e2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	172	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:20:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c1471919-2449-4d7d-b2fb-c2f499b4fbcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	171	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=be157c38-134b-4900-908c-d037805feb27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	170	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	169	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	168	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	167	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	166	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	165	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	164	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	163	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e55806c-0cde-46b6-98ce-d6d375fd2330 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	162	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c1471919-2449-4d7d-b2fb-c2f499b4fbcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	161	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	160	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	159	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	158	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	157	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	156	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6928365e-22f0-412b-966e-90b573b96724 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	155	PowerShell		Windows PowerShell			n-h1-844507-6		7/20/2022 9:19:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion=5.1.14393.1944 RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	154	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	153	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=13 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	152	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	151	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	150	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	149	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	148	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	147	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	146	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	145	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	144	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	143	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	142	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	141	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	140	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	139	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	138	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	137	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	136	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	135	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	134	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	133	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	132	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	131	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	130	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	129	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	128	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	127	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	126	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	125	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	124	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	123	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	122	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	121	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	120	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	119	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	118	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=19 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	117	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:11:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	116	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:07 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	115	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:06 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	114	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	113	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	112	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	111	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	110	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	109	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	108	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	107	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	106	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	105	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	104	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	103	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	102	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	101	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	100	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:54:38 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	99	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	98	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	97	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	96	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	95	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	94	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	93	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	92	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	91	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	90	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:11 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	89	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	88	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	87	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	86	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	85	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	84	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	83	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:45:55 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	82	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	81	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	80	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	79	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	78	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	77	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	76	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	75	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	74	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	73	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	72	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	71	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	70	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	69	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	68	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	67	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	66	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	65	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	64	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	63	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	62	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	61	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	60	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	59	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	58	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	57	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	56	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	55	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	54	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	53	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	52	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	51	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	50	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:02:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	49	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	48	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	47	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	46	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	45	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	44	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	43	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	42	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	41	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	40	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	39	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	38	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	37	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	36	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	35	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	34	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	33	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:35:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	32	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	31	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	30	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	29	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	28	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	27	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	26	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	25	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	24	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	23	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	22	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	21	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	20	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	19	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	18	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	17	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	16	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	15	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	14	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	13	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	12	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	11	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	10	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	9	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	8	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	7	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	6	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	5	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	4	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]