| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=5.1.14393.1944
RunspaceId=162b2977-6040-44d6-861d-4d6880307c24
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3127 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3126 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3125 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3124 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3123 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3122 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12261d3b-fed6-44f3-9100-bbb92d4980c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3121 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c1efa0ae-70e6-4d76-a53d-fee24eb31365
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3120 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c1efa0ae-70e6-4d76-a53d-fee24eb31365
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3119 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3118 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3117 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3116 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3115 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3114 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3113 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3112 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=46fbac18-fcef-44aa-9c2f-30b0167acc55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3111 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=00f9b5b4-d7e8-47af-9968-d7b575e4496c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3110 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3109 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3108 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3107 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3106 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3105 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d34bdeb7-78ec-4006-946d-d3f91eb65ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3104 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=73009828-b105-423c-b50e-566277112d13
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3103 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a213a3f9-dc5e-49d5-89b0-d0430d2bf9d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3102 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a213a3f9-dc5e-49d5-89b0-d0430d2bf9d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3101 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3100 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3099 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3098 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3097 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3096 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=16183f9e-48d9-4a86-b52f-041901ff6a73
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3095 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=73009828-b105-423c-b50e-566277112d13
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3094 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3093 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3092 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3091 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3090 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3089 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06fedb40-5024-4976-b904-c42ad671206c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABZAEEATQBBAEEAdQBBAEQAWQBBAE8AUQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABnAEEATgBnAEEAeQBBAEQAZwBBAE0AQQBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABnAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3088 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ef1134ce-b827-4076-b3b0-11096bf3c559
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3087 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d1127ad1-7904-4128-a80a-9d21abbe9ef7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3086 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3085 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3084 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3083 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3082 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3081 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3080 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3079 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c335b5c-dd5b-4e05-ae49-1a1830e88d6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3078 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ef1134ce-b827-4076-b3b0-11096bf3c559
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3077 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3076 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3075 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3074 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3073 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3072 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=81ced62a-cf0a-41ae-8a88-2c25faf0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3071 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=769e82be-c339-4286-8594-924c3ad95f44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3070 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=769e82be-c339-4286-8594-924c3ad95f44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3069 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3068 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3067 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3066 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3065 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3064 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38859d5e-a863-4a7a-a2ec-79734e3e7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADYAMAAuADYAOQAtADEAMAA2ADgANgAyADgAMAAzADUAMQA3ADgANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3063 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b7ac838-7b2b-4c1b-8973-0b0d66578cf9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3062 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=57362750-99a2-49f6-b556-9503784934bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3061 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3060 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3059 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3058 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3057 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3056 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3055 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3054 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87b89a9-39d2-4a9a-94d1-cd010ba8d127
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3053 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b7ac838-7b2b-4c1b-8973-0b0d66578cf9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3052 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3051 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3050 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3049 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3048 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3047 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88d6775e-e44c-4b77-ae17-67c9e1a8e92c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3046 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=8f8434d0-1abf-4af2-bbf7-2de05137e961
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3045 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c7662a7e-ef50-466a-a4fa-506340f8c755
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3044 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c7662a7e-ef50-466a-a4fa-506340f8c755
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3043 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3042 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3041 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3040 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3039 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3038 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5969fd28-2942-412f-aea4-ce88d4827084
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANgAwAC4ANgA5AC0AMQAwADYAOAA2ADIAOAAwADMANQAxADcAOAA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3037 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=8f8434d0-1abf-4af2-bbf7-2de05137e961
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3036 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3035 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3034 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3033 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3032 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3031 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb20a536-d415-4d2d-ad4b-b863b25c9cdf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAGcAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBPAEEAQQAyAEEARABJAEEATwBBAEEAdwBBAEQATQBBAE4AUQBBAHgAQQBEAGMAQQBPAEEAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3030 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=5b612d8d-0267-45de-bb56-952d0756a9a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3029 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=fd27d8e4-1558-4705-b90d-5ad1c1bbab90
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3028 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=fd27d8e4-1558-4705-b90d-5ad1c1bbab90
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3027 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3026 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3025 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3024 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3023 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3022 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9fe86cb0-d9dc-4b8a-9161-2e616bc39d61
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3021 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=5b612d8d-0267-45de-bb56-952d0756a9a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3020 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3019 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3018 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3017 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3016 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3015 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=defb62a3-8992-4fb7-8763-9e06bfead217
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATgBnAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAE0AQQBOAHcAQQA0AEEARABRAEEATQB3AEEAegBBAEQAYwBBAE0AUQBBAHkAQQBEAGcAQQBNAEEAQQAyAEEARABjAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3014 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5ba3f66-f49f-40b2-99c5-6e794a9f07ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3013 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=72d18846-cfcb-4087-a385-192108ea0d7c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3012 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3011 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3010 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3009 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3008 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3007 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3006 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3005 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=993d4c71-75b3-4289-81d5-f8dab151bd03
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3004 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5ba3f66-f49f-40b2-99c5-6e794a9f07ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3003 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3002 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3001 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3000 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2999 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2998 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb187b75-1160-489f-b09f-c7a5ebd450f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2997 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=72c3d1eb-4518-4179-a8ce-825b88bff52d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2996 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=72c3d1eb-4518-4179-a8ce-825b88bff52d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2995 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2994 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2993 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2992 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2991 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2990 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc4c8337-d023-485d-83f0-aec81a240425
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUANgAuADQANgAtADMANwA4ADQAMwAzADcAMQAyADgAMAA2ADcAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2989 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d38d4109-9ad4-4872-bdff-aaf2f86496c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2988 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9210b6c7-f934-4bae-ab45-90654fe3c1b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2987 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2986 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2985 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2984 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2983 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2982 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2981 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2980 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4cd57caf-700d-4871-b588-65f884b2c91e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2979 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d38d4109-9ad4-4872-bdff-aaf2f86496c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2978 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2977 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2976 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2975 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2974 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2973 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ef18c53-3d87-451a-b27a-b9323e41ca02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2972 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=3540748e-1de6-4e47-ae99-48ce524fffbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2971 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=dda55905-d5ff-46b7-9bc6-affb044859e2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2970 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=dda55905-d5ff-46b7-9bc6-affb044859e2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2969 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2968 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2967 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2966 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2965 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2964 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d092b75-9f2a-4b03-93ba-c80f8c5dfecb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQA2AC4ANAA2AC0AMwA3ADgANAAzADMANwAxADIAOAAwADYANwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2963 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=3540748e-1de6-4e47-ae99-48ce524fffbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2962 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2961 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2960 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2959 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2958 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2957 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69049b87-5209-41c7-aa2a-dec1d2a68afc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQAyAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AdwBBADMAQQBEAGcAQQBOAEEAQQB6AEEARABNAEEATgB3AEEAeABBAEQASQBBAE8AQQBBAHcAQQBEAFkAQQBOAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2956 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=599995e2-9842-49b5-91dc-9fd1f7bdc73b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2955 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8acaeb46-d4b5-441d-8fb4-bbdb9efbdd6f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2954 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8acaeb46-d4b5-441d-8fb4-bbdb9efbdd6f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2953 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2952 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2951 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2950 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2949 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2948 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b005c72-7bf7-469f-b244-77129896535b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2947 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=599995e2-9842-49b5-91dc-9fd1f7bdc73b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2946 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2945 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2944 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2943 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2942 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2941 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37423869-1df7-4da9-a296-b047449fc3c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQB3AEEARABVAEEATQBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBPAFEAQQA1AEEARABnAEEATgBBAEEAdwBBAEQAQQBBAE8AQQBBADAAQQBEAGsAQQBOAGcAQQAyAEEARABNAEEATwBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2940 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=050d9e8d-1ec2-4b6b-81b0-38a222170b38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2939 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=91971d0e-6dea-4d08-b189-3489c117640e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2938 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2937 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2936 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2935 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2934 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2933 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2932 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2931 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=684047a5-6015-482e-818e-d2231a9d84a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2930 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=050d9e8d-1ec2-4b6b-81b0-38a222170b38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2929 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2928 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2927 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2926 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2925 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2924 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47c962da-3e65-47f6-a1e7-f3bac8c5106f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2923 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=2d216050-0be8-4c07-9cf8-b873f90ef08c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2922 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=2d216050-0be8-4c07-9cf8-b873f90ef08c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2921 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2920 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2919 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2918 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2917 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2916 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cfebf7a-6fe8-413d-826a-71bc09ec584e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADQANQAwADUAMQAuADkANwAtADIAOQA5ADgANAAwADAAOAA0ADkANgA2ADMAOABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2915 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c1da73f6-20a3-4b64-94bf-570445993e64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2914 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56f40c68-da21-4a90-aad3-2418caf0875b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2913 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2912 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2911 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2910 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2909 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2908 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2907 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2906 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=593c8561-a234-432b-ba71-bf798eecbefa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2905 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c1da73f6-20a3-4b64-94bf-570445993e64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2904 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2903 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2902 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2901 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2900 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2899 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f6b2b23-09ab-4034-be4a-eaad585f44be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2898 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=14566261-65b4-4d8a-b2ce-cae998b9b210
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2897 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=0f884454-7a9b-49e1-bebb-5b35ed2196c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2896 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=0f884454-7a9b-49e1-bebb-5b35ed2196c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2895 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2894 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2893 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2892 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2891 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2890 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f3ad98-886a-424f-9401-9348dd949e37
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgANAA1ADAANQAxAC4AOQA3AC0AMgA5ADkAOAA0ADAAMAA4ADQAOQA2ADYAMwA4ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2889 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=14566261-65b4-4d8a-b2ce-cae998b9b210
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2888 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2887 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2886 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2885 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2884 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2883 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=151a62ba-d5f0-479c-9258-fce66b408145
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAEEAQQBOAFEAQQB4AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADUAQQBEAGsAQQBPAEEAQQAwAEEARABBAEEATQBBAEEANABBAEQAUQBBAE8AUQBBADIAQQBEAFkAQQBNAHcAQQA0AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2882 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8a6cf222-b540-4290-8ab7-6d8026b1f277
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2881 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b8c183ff-9ed3-4322-bc84-ed9f51aa8680
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2880 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b8c183ff-9ed3-4322-bc84-ed9f51aa8680
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2879 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2878 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2877 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2876 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2875 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2874 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2873 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2872 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4675fc2d-7763-47e9-8f14-ab4446386aa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2871 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8a6cf222-b540-4290-8ab7-6d8026b1f277
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2870 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2869 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2868 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2867 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2866 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2865 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b0e46e6-596b-4b64-acc6-3d137ff3770e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2864 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 8:57:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64567fe7-80b6-4378-ac52-3bf4ee681af4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2863 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=67811658-610c-4e68-89ec-b1ccc826cdc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2862 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=67811658-610c-4e68-89ec-b1ccc826cdc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2861 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2860 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2859 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2858 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2857 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2856 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38674791-9b59-453b-81e8-6f80213e72c8
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2855 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c353937-615a-4022-ba51-9c816cb2aadb
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2854 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c353937-615a-4022-ba51-9c816cb2aadb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2853 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2852 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2851 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2850 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2849 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2848 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2847 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2846 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c87082f5-daf8-42f0-a50e-20a832e12ba2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2845 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64567fe7-80b6-4378-ac52-3bf4ee681af4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2844 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2843 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2842 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2841 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2840 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2839 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bac63f8-ac6d-47b5-a628-830202660973
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2838 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3a3e1f28-bb4b-45eb-9d51-15742d4b3537
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2837 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ae643d69-362c-4208-bbf6-a7f651d4625f
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2836 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ae643d69-362c-4208-bbf6-a7f651d4625f
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2835 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ae643d69-362c-4208-bbf6-a7f651d4625f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2834 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2833 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2832 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2831 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2830 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2829 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2828 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2827 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec51ce84-a0f7-4252-8a81-4070ed2466ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2826 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3a3e1f28-bb4b-45eb-9d51-15742d4b3537
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2825 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2824 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2823 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2822 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2821 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2820 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d297a76-d5f1-4bf1-ba30-6207c131af78
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2819 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9905e18-6f96-4d60-9801-bed73b6fd6c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2818 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=73cf644f-2dd3-4c8e-847b-4d6ef31c9c29
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2817 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=73cf644f-2dd3-4c8e-847b-4d6ef31c9c29
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2816 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2815 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2814 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2813 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2812 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2811 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51690810-6cdc-4f24-af6a-53c1a33ec053
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2810 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=101c6f8e-e4f8-4531-ace2-73991940028f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2809 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=101c6f8e-e4f8-4531-ace2-73991940028f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2808 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2807 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2806 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2805 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2804 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2803 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2802 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2801 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e56cfe27-a3f8-4f82-b3e7-8814732cda6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2800 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9905e18-6f96-4d60-9801-bed73b6fd6c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2799 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2798 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2797 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2796 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2795 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2794 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=30a88200-fd1d-4402-b439-1e669dc68155
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2793 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1dd9694d-a42c-4a0f-a5a8-f36143850a47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2792 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=075592ad-ce5c-4940-ac22-2147d39d2b11
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2791 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=075592ad-ce5c-4940-ac22-2147d39d2b11
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2790 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=075592ad-ce5c-4940-ac22-2147d39d2b11
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2789 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2788 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2787 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2786 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2785 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2784 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2783 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2782 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d0ba9c2-42f9-482c-8d27-2a2e53ff6efb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2781 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1dd9694d-a42c-4a0f-a5a8-f36143850a47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2780 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2779 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2778 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2777 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2776 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2775 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db00b3df-d62b-49ac-9a53-490ca576591c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2774 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=236487a9-c837-4f56-bdb4-3b5e3e42fd44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2773 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=23eb2e50-8211-4077-a805-99520daf26d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2772 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=23eb2e50-8211-4077-a805-99520daf26d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2771 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2770 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2769 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2768 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2767 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2766 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dafb5f45-139a-4349-95b8-556c3bc6cee3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2765 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba7eabc1-2fe9-4d7f-ad9a-48a47f1c26ed
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2764 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba7eabc1-2fe9-4d7f-ad9a-48a47f1c26ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2763 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2762 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2761 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2760 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2759 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2758 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2757 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2756 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c1af552-9cd9-4329-a19e-6bb9e92c28d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2755 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=236487a9-c837-4f56-bdb4-3b5e3e42fd44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2754 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2753 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2752 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2751 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2750 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2749 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=31c78f0d-9c1e-4fd3-b6d7-dcb862eef3e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2748 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=20178e0d-db7f-4183-a971-529f82bcac1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2747 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3eb630c0-700c-4e93-98e8-9265a66aee3b
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2746 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3eb630c0-700c-4e93-98e8-9265a66aee3b
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2745 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3eb630c0-700c-4e93-98e8-9265a66aee3b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2744 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2743 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2742 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2741 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2740 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2739 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2738 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2737 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c1239ada-d490-4b67-b9c9-6110a18d1177
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2736 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=20178e0d-db7f-4183-a971-529f82bcac1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2735 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2734 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2733 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2732 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2731 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2730 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d71cbfe6-2610-4996-91fe-18d91ab8e4e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2729 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9645711c-62d8-47cb-a67a-1cb817a13302
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2728 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ebe2fc32-b48a-48a0-afd4-30ad16bd3ec1
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2727 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ebe2fc32-b48a-48a0-afd4-30ad16bd3ec1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2726 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2725 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2724 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2723 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2722 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2721 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2720 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2719 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bafe692-c5c6-4093-97df-c5050c116bf5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2718 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9645711c-62d8-47cb-a67a-1cb817a13302
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2717 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2716 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2715 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2714 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2713 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2712 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4d9ab758-97c8-44ce-8f38-4b94fc3851d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2711 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:18:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=34
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f8aafde5-7629-4f86-84b1-44c560c7bfcb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2710 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca7ff758-8314-468c-8265-1b06a17a0ad1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2709 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2708 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2707 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2706 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2705 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2704 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2703 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2702 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f70acc99-4da4-4938-8779-b4541edbe23f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2701 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:17:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f8aafde5-7629-4f86-84b1-44c560c7bfcb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2700 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2699 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2698 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2697 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2696 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2695 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8128cd10-9329-4d74-b549-e99a1fb9de02
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2694 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=34
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=461eee2d-b235-452a-ada8-fa8c0f686640
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2693 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d28c456c-1893-40cc-8d23-43f9fc630a45
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2692 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2691 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2690 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2689 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2688 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2687 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2686 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2685 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db1b795f-61d9-4580-9d57-9ab12e03eb4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2684 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=461eee2d-b235-452a-ada8-fa8c0f686640
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2683 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2682 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2681 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2680 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2679 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2678 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec1d533-2bc3-45e7-bb84-145a8935a707
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2677 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d07cc755-27f2-4b73-95ad-1ea075cdc0ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2676 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=5.1.14393.1944
RunspaceId=b9b16f56-5c94-4b5a-9c00-de6580edc9a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2675 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=5.1.14393.1944
RunspaceId=b9b16f56-5c94-4b5a-9c00-de6580edc9a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2674 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2673 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2672 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2671 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2670 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2669 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e450b3b5-8d5c-4dd4-96a6-9676a3b913f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2668 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=48677b0f-726d-4fb2-bbfe-eb0d7a5f53ce
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2667 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=48677b0f-726d-4fb2-bbfe-eb0d7a5f53ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2666 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2665 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2664 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2663 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2662 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2661 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2660 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2659 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=922d24ae-8d6a-4543-8c74-a53c75eeaeea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2658 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d07cc755-27f2-4b73-95ad-1ea075cdc0ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2657 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2656 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2655 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2654 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2653 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2652 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=110a6ba0-910d-47bb-bde4-c9e5bb7d41b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2651 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c67d4745-6d17-4f62-a031-7419cd53f191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2650 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=5.1.14393.1944
RunspaceId=36a64c96-7939-4359-a3da-32307bd58c10
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2649 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=5.1.14393.1944
RunspaceId=36a64c96-7939-4359-a3da-32307bd58c10
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2648 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2647 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2646 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2645 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2644 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2643 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7ac95be-1979-42be-a799-a6b2b4851b9f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2642 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d32cb907-e0d8-478b-9749-bb944fca1433
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2641 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d32cb907-e0d8-478b-9749-bb944fca1433
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2640 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2639 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2638 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2637 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2636 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2635 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2634 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2633 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c611187-346a-45b8-bf6d-86a0f6974d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2632 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c67d4745-6d17-4f62-a031-7419cd53f191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2631 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2630 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2629 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2628 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2627 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2626 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cddaa38-5dab-4f75-b563-acbce31ff1ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2625 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b391a65f-c59c-48c5-86d1-35a50f7c802b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2624 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=5.1.14393.1944
RunspaceId=4d0045a4-559d-488a-9916-e566b4a623c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2623 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=5.1.14393.1944
RunspaceId=4d0045a4-559d-488a-9916-e566b4a623c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2622 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2621 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2620 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2619 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2618 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2617 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eddd1714-4d6e-4fe4-bf9c-d1bc481a40a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2616 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dcf86217-8ef5-45d6-aaba-d30b370dcdc2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2615 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dcf86217-8ef5-45d6-aaba-d30b370dcdc2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2614 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2613 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2612 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2611 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2610 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2609 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2608 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2607 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=037ab925-57af-4c9a-9d2c-e04bc1172e6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2606 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b391a65f-c59c-48c5-86d1-35a50f7c802b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2605 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2604 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2603 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2602 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2601 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2600 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6601140-4ea7-4b65-a154-0d88fa3fa1e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2599 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f1c3de5-b1b4-40cb-8d0f-2697c6c5f56d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2598 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=5.1.14393.1944
RunspaceId=5db278dd-ed31-4f00-b0ee-4905faad0f45
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2597 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=5.1.14393.1944
RunspaceId=5db278dd-ed31-4f00-b0ee-4905faad0f45
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2596 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2595 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2594 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2593 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2592 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2591 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19ec49a3-ca6c-4052-a271-265b4a687fa4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADgANAA3ADAAMAAxAC0AMwAuAGwAbwBjAGEAbAAgAC0AdgAgAFMAZQBTAGUAcgB2AGkAYwBlAEwAbwBnAG8AbgBSAGkAZwBoAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2590 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3c6858d0-e4e0-4d4d-8fae-63304694c795
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2589 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3c6858d0-e4e0-4d4d-8fae-63304694c795
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2588 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2587 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2586 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2585 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2584 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2583 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2582 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2581 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=317af573-5e49-42a7-a1a6-6524b4a3b7ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2580 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f1c3de5-b1b4-40cb-8d0f-2697c6c5f56d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2579 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2578 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2577 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2576 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2575 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2574 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26a7dc59-ced7-4432-ad2c-3b270b03cd53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2573 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=5.1.14393.1944
RunspaceId=f133e443-f837-4c9c-bc31-69d656e0b0f2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2572 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=5.1.14393.1944
RunspaceId=f133e443-f837-4c9c-bc31-69d656e0b0f2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2571 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2570 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2569 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2568 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2567 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2566 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d731efd-8104-415e-980f-9a0aa75cd553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2565 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=ae14547d-a8d6-4afd-8083-86302db91c36
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2564 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=ae14547d-a8d6-4afd-8083-86302db91c36
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2563 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2562 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2561 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2560 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2559 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2558 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=20f5b7f4-22dc-4ebb-8b8e-cc1ce94a9588
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2557 | PowerShell | | Windows PowerShell | | | n-h1-847001-3.cbci-847001-3.local | | 6/21/2022 7:16:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=efb023da-9441-41e7-95e6-fd925a06f7ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2556 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=efb023da-9441-41e7-95e6-fd925a06f7ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2555 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2554 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2553 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2552 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2551 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2550 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0085ff3d-bad2-4dee-b306-899e16fe12c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2549 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=9a1aa813-782a-4a62-be40-f345264c268f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2548 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=9a1aa813-782a-4a62-be40-f345264c268f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2547 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2546 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2545 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2544 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2543 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2542 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cc03af8-002b-4256-8e77-df3ecf7016b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2541 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ce0d575d-c2f0-441f-8deb-8f76bf2b1866
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2540 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ce0d575d-c2f0-441f-8deb-8f76bf2b1866
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2539 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2538 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2537 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2536 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2535 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2534 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=23dccd25-b318-437e-b8c8-d8281f09dbd3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2533 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=3183a674-4b90-46fe-bc69-3254068a37c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2532 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=3183a674-4b90-46fe-bc69-3254068a37c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2531 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2530 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2529 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2528 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2527 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2526 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f7f6ae-a778-4d97-8bfb-345068008ec1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2525 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b153bbb7-829a-4497-9cb3-46cd73686ae4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2524 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3299384-c026-4188-b558-639175d182a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2523 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2522 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2521 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2520 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2519 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2518 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2517 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2516 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1157f88b-85b9-40c8-9d61-aa4b99793e53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2515 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b153bbb7-829a-4497-9cb3-46cd73686ae4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2514 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2513 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2512 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2511 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2510 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2509 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a4b1706-d10e-42e4-b1f6-184a8b4e5090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2508 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e36edea0-3482-4631-a7ed-85f6a197b06f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2507 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d689a4e5-8283-4065-994f-a011dc42ef6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2506 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2505 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2504 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2503 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2502 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2501 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2500 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2499 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=48970b2b-7318-48ca-afed-dd85df68dfdb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2498 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e36edea0-3482-4631-a7ed-85f6a197b06f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2497 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2496 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2495 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2494 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2493 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2492 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c5de85a-0ae8-401f-ac41-2f8a2b26b0ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2491 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=06d6050e-bf46-420b-9eb9-9e8cc13d848d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2490 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=5.1.14393.1944
RunspaceId=50275698-7155-462d-84a3-ab2ab5457d50
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2489 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=5.1.14393.1944
RunspaceId=50275698-7155-462d-84a3-ab2ab5457d50
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2488 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2487 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2486 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2485 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2484 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2483 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5a7074e-c32b-4aca-8d2e-01edac4ba2e7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2482 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=632a9e01-9f08-4da6-a72d-02bd6955d2f7
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2481 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=632a9e01-9f08-4da6-a72d-02bd6955d2f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2480 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2479 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2478 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2477 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2476 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2475 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2474 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2473 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4d1af5ef-c6e7-4044-99ca-3fd857c7cd55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2472 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=06d6050e-bf46-420b-9eb9-9e8cc13d848d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2471 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2470 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2469 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2468 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2467 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2466 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=457195d2-0732-4143-857e-e86f1b14d598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2465 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d887b7e-886d-4b39-8e22-05b7681e270f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2464 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63c68d32-9616-4442-8ef4-5ceea020a370
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2463 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63c68d32-9616-4442-8ef4-5ceea020a370
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2462 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2461 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2460 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2459 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2458 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2457 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2456 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2455 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dbe6ccc5-c4f6-4bf1-8980-95a36fcd9ffa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2454 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d887b7e-886d-4b39-8e22-05b7681e270f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2453 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2452 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2451 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2450 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2449 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2448 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=417faa91-7408-4cad-911c-88b4e3feaebc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2447 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 7:15:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=23661d7a-382e-44be-9aee-898b5da820e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2446 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f08b3b82-4e0b-4170-9d8d-5cafbb685259
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2445 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2444 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2443 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2442 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2441 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2440 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2439 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2438 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e8b0a97f-00df-4200-a6f9-dcc23f59c88b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2437 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=23661d7a-382e-44be-9aee-898b5da820e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2436 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2435 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2434 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2433 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2432 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2431 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca6ecab3-f24b-4666-84ff-820eae768859
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2430 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=99b628d0-14b4-49a3-84d2-b304ad31db08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2429 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=76c245bd-3151-4499-8a77-16e18205881c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2428 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=76c245bd-3151-4499-8a77-16e18205881c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2427 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2426 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2425 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2424 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2423 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2422 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3a6fa27-7c10-4262-8169-b827931bbe80
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2421 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=99b628d0-14b4-49a3-84d2-b304ad31db08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2420 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2419 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2418 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2417 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2416 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2415 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7338a90a-7bae-4c02-a759-fc2c9baa24bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQB4AEEARABVAEEATwBBAEEANABBAEQAWQBBAE8AQQBBADQAQQBEAEkAQQBNAEEAQQAyAEEARABZAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2414 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c312ac74-496f-4735-87f0-2a08b25c5225
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2413 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ac3459e2-4fc8-4a63-8020-8c46e2185609
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2412 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2411 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2410 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2409 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2408 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2407 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2406 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2405 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04c69df9-ef46-4336-9e43-7476ee9e4d80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2404 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c312ac74-496f-4735-87f0-2a08b25c5225
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2403 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2402 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2401 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2400 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2399 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2398 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c7c2e89-3708-489a-a3ca-63da90d9a677
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2397 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c67b704a-9988-4077-8bca-a1109f3eac6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2396 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c67b704a-9988-4077-8bca-a1109f3eac6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2395 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2394 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2393 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2392 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2391 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2390 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9b0ea602-06ac-4835-9ecd-1a7423d355b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADQAMgAuADUANgAtADIANwAxADUAOAA4ADYAOAA4ADIAMAA2ADYANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2389 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=e24f298f-14fa-4451-bf1d-596ffd2c785e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2388 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7281839d-5e9c-4131-9e9c-0ce5a908c637
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2387 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7281839d-5e9c-4131-9e9c-0ce5a908c637
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2386 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2385 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2384 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2383 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2382 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2381 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2984fff7-6574-4a8e-8e08-f0f288a49af7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIANAAyAC4ANQA2AC0AMgA3ADEANQA4ADgANgA4ADgAMgAwADYANgA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2380 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=e24f298f-14fa-4451-bf1d-596ffd2c785e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2379 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2378 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2377 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2376 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2375 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2374 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2777bebf-726c-42bf-a3fa-4d4181b2b4fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBOAEEAQQB5AEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAEUAQQBOAFEAQQA0AEEARABnAEEATgBnAEEANABBAEQAZwBBAE0AZwBBAHcAQQBEAFkAQQBOAGcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2373 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=54b77366-8f85-47f7-ab0b-bed3e2dbf107
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2372 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4841188-b445-41b5-8f8a-c9d71406cdea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2371 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2370 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2369 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2368 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2367 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2366 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2365 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2364 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f38dca0d-5aec-4c5b-b0db-d088374d8045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2363 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=54b77366-8f85-47f7-ab0b-bed3e2dbf107
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2362 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2361 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2360 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2359 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2358 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2357 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b94b448f-47cb-4f49-9e0c-2aad8a45eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2356 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4812ee27-31ef-4b60-bc73-6812806141bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2355 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=900b2bea-b469-4d41-a014-f7e04b4f815a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2354 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=900b2bea-b469-4d41-a014-f7e04b4f815a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2353 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2352 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2351 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2350 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2349 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2348 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=090eb8c7-aeb9-4649-979a-c1d42a03f8ef
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2347 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43977de8-7671-420c-b514-542c7a6f179d
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2346 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43977de8-7671-420c-b514-542c7a6f179d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2345 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2344 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2343 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2342 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2341 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2340 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2339 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2338 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f32c892c-ed6e-45a9-8b04-5d73b4de735a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2337 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4812ee27-31ef-4b60-bc73-6812806141bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2336 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2335 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2334 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2333 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2332 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2331 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=45876776-9a90-4ca2-9038-29b004fcb12d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2330 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4d7e6e2-849a-4c86-806c-b117ee40449a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2329 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=65f5e955-0ff2-41db-9105-74fe1bff6360
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2328 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2327 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2326 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2325 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2324 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2323 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2322 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2321 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=087e31ba-ea64-45a9-81e1-e5928e4447cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2320 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4d7e6e2-849a-4c86-806c-b117ee40449a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2319 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2318 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2317 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2316 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2315 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2314 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bc09dfe-5b8e-4c5a-88ba-299ba389db47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2313 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=37829750-ec44-4c8a-af19-62d9bc4230da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2312 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=83d12aef-c2ea-4307-9159-23dd40fdb53b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2311 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=83d12aef-c2ea-4307-9159-23dd40fdb53b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2310 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2309 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2308 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2307 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2306 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2305 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18d9d880-5152-4b9f-9ac1-9e4298751ce6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2304 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70038124-16f4-4fbb-9996-92f56e5fa783
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2303 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70038124-16f4-4fbb-9996-92f56e5fa783
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2302 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2301 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2300 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2299 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2298 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2297 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2296 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2295 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=be4e7535-61b1-43ab-a508-ce4bb6f9425a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2294 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=37829750-ec44-4c8a-af19-62d9bc4230da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2293 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2292 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2291 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2290 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2289 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2288 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bdaaf837-8443-419f-ae95-99f4c33c0045
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2287 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=4ab30b27-105d-49a7-9705-92b81550ca85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2286 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8abf420a-a79d-4c90-8580-e377c1bb61af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2285 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8abf420a-a79d-4c90-8580-e377c1bb61af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2284 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2283 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2282 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2281 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2280 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2279 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed6bc38-6f8e-47d5-a65c-35551330670d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2278 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=4ab30b27-105d-49a7-9705-92b81550ca85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2277 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2276 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2275 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2274 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2273 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2272 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b996edb-0963-43a6-bb99-2ce234777f47
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB5AEEARABBAEEATwBRAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABBAEEATwBRAEEANQBBAEQAQQBBAE8AQQBBADEAQQBEAGsAQQBNAEEAQQAxAEEARABnAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2271 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7a6d61c1-8463-4bf2-98c2-5b901b36b68e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2270 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f422bed-0082-4aa9-a819-3716734d291a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2269 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2268 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2267 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2266 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2265 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2264 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2263 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2262 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f345516-33a7-4a2b-9561-0d53fd97c6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2261 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7a6d61c1-8463-4bf2-98c2-5b901b36b68e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2260 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2259 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2258 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2257 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2256 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2255 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0cb4a35a-cfea-4e10-a546-f7870c2e2996
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2254 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=41f18b14-be50-4921-a99a-e1b548108cb3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2253 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=41f18b14-be50-4921-a99a-e1b548108cb3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2252 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2251 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2250 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2249 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2248 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2247 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9db5ca48-5cbd-42c1-9e4d-e9ebad999106
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAyADAAOQAuADUANwAtADEANwA4ADAAOQA5ADAAOAA1ADkAMAA1ADgANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2246 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=0e54ab75-2f33-4464-9f40-2f06c285b33f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2245 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=24f8509a-d4dc-4e08-83ce-c29f577e9cdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2244 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=24f8509a-d4dc-4e08-83ce-c29f577e9cdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2243 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2242 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2241 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2240 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2239 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2238 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d5aa95-c774-47e0-bb6f-b78f821f4541
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADIAMAA5AC4ANQA3AC0AMQA3ADgAMAA5ADkAMAA4ADUAOQAwADUAOAA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2237 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=0e54ab75-2f33-4464-9f40-2f06c285b33f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2236 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2235 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2234 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2233 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2232 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2231 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc9319b8-db3b-4a56-a92d-a10f481805e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEkAQQBNAEEAQQA1AEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBNAEEAQQA1AEEARABrAEEATQBBAEEANABBAEQAVQBBAE8AUQBBAHcAQQBEAFUAQQBPAEEAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2230 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f2a1d55-8b82-45ef-9446-4eb073ba9abf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2229 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ef60fce-a26c-465a-bbc1-ad2d8dbee717
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2228 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2227 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2226 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2225 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2224 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2223 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2222 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2221 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4c76643d-9239-451e-ad79-852f8c0fed3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2220 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f2a1d55-8b82-45ef-9446-4eb073ba9abf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2219 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2218 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2217 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2216 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2215 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2214 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfb9daec-972e-4e0c-a389-b00ae47a2db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2213 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f6a3f8c0-893a-4c06-a9a9-9e2720d85ca3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2212 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=9a9beaef-a03f-4f96-bf09-498dd3002431
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2211 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=9a9beaef-a03f-4f96-bf09-498dd3002431
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2210 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2209 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2208 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2207 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2206 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2205 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c2402be-573f-4228-aa35-6bc5fcc57423
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2204 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=16ea4811-59ab-4c24-8c14-544db33b1f4c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2203 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=16ea4811-59ab-4c24-8c14-544db33b1f4c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2202 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2201 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2200 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2199 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2198 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2197 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2196 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2195 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6419d70-9062-435c-9937-4bc58be67067
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2194 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f6a3f8c0-893a-4c06-a9a9-9e2720d85ca3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2193 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2192 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2191 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2190 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2189 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2188 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7142d3a6-f22d-40c2-a6f4-50c53098a17f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2187 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d2bed59-e2d3-40e5-aff0-d5f7bc9e4987
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2186 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9eaca9b-4f32-4a22-ad46-ff66c3f67454
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2185 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2184 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2183 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2182 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2181 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2180 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2179 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2178 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d2b00e0-5c9a-4190-95a1-206a4e9d086b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2177 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d2bed59-e2d3-40e5-aff0-d5f7bc9e4987
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2176 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2175 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2174 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2173 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2172 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2171 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeddfd07-baf8-480e-9beb-afe7c818d513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2170 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c865d496-973c-4d0a-8d49-c7bb43732868
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2169 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=507e549d-6958-43cb-94f7-113dc2ec971c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2168 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=507e549d-6958-43cb-94f7-113dc2ec971c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2167 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2166 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2165 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2164 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2163 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2162 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4648626a-7f30-4de8-a1d5-60d58232d06a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2161 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=809be86f-0786-4fbe-99ef-f77bde72bb06
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2160 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=809be86f-0786-4fbe-99ef-f77bde72bb06
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2159 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2158 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2157 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2156 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2155 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2154 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2153 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2152 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79b6e561-7ab4-4910-b7cc-f4ca39710d2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2151 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c865d496-973c-4d0a-8d49-c7bb43732868
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2150 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2149 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2148 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2147 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2146 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2145 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8d4f1ed-b699-4614-a1ba-52508de1dc6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2144 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e0896ed2-0d88-4bd6-b256-f8b19d80f12f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2143 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=822c201c-a24f-49f3-9e94-0f0a7e17ffa4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2142 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=822c201c-a24f-49f3-9e94-0f0a7e17ffa4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2141 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2140 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2139 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2138 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2137 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2136 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3f03f-5035-4797-8abe-4494181052b5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2135 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e0896ed2-0d88-4bd6-b256-f8b19d80f12f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2134 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2133 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2132 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2131 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2130 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2129 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff259ff3-498d-4532-83e5-3f521c8bcc00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB4AEEARABVAEEATwBRAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEANABBAEQAawBBAE0AdwBBAHoAQQBEAFUAQQBPAFEAQQB5AEEARABJAEEATgBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2128 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec39a774-c07a-44d3-81b8-168e3ad1d6d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2127 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ece20963-62fa-4c23-8712-a16021637059
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2126 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2125 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2124 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2123 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2122 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2121 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2120 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2119 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51759889-965f-4e88-9095-c865f20d6e19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2118 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec39a774-c07a-44d3-81b8-168e3ad1d6d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2117 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2116 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2115 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2114 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2113 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2112 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e08fc521-a760-4487-8972-cacfaf9bd4bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2111 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f4961b86-5977-4c12-85ab-deee57c4950f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2110 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f4961b86-5977-4c12-85ab-deee57c4950f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2109 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2108 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2107 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2106 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2105 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2104 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca47c520-cacd-4b76-8d89-ae9a87ff773c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAxADUAOQAuADIANwAtADIAMQAxADUANAA4ADkAMwAzADUAOQAyADIANQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2103 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:46:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=24d7a532-a575-4488-b5e0-069d7debd5ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2102 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=abf8e29e-c888-41ae-b42f-fb3c5dab08cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2101 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=abf8e29e-c888-41ae-b42f-fb3c5dab08cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2100 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2099 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2098 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2097 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2096 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2095 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ab912ea-ad0a-4160-b71c-14ed79eaaec7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADEANQA5AC4AMgA3AC0AMgAxADEANQA0ADgAOQAzADMANQA5ADIAMgA1ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2094 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=24d7a532-a575-4488-b5e0-069d7debd5ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2093 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2092 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2091 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2090 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2089 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2088 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb87bfa-9b86-4edf-9935-83a28e9fee35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEUAQQBOAFEAQQA1AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEARABnAEEATwBRAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAEkAQQBNAGcAQQAxAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2087 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=80378e49-be15-4046-9acb-c4acd5adfcbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2086 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4193fc90-fdd0-4720-a342-206c51bed9e4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2085 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2084 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2083 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2082 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2081 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2080 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2079 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2078 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09b05e46-7315-4bff-9818-15f05cdd574b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2077 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=80378e49-be15-4046-9acb-c4acd5adfcbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2076 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2075 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2074 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2073 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2072 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2071 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb6785ac-76a9-480e-9412-def1d6a26169
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2070 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5b9511c1-011f-4c0c-a9a7-377492ea58b4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2069 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=0856ce48-a105-4f91-aafd-78619df450b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2068 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:45:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=0856ce48-a105-4f91-aafd-78619df450b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2067 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2066 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2065 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2064 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2063 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2062 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea27438e-c499-49a0-9652-fd5dfe4d009a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2061 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e7122c0e-1412-41e9-a293-493e06528a5a
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2060 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e7122c0e-1412-41e9-a293-493e06528a5a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2059 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2058 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2057 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2056 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2055 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2054 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2053 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2052 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bb7e067-1a76-4514-8737-8d3618511fed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2051 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5b9511c1-011f-4c0c-a9a7-377492ea58b4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2050 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2049 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2048 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2047 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2046 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2045 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9f412f6-86e4-4073-91a3-822191aff44a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2044 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a1b007d6-fb18-45d1-9fcb-4ab9a2ec6815
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2043 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0c77954-c953-48c8-94ae-472d1eb5f6d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2042 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2041 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2040 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2039 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2038 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2037 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2036 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2035 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d07781ba-74c9-4279-af22-dc3c37197c33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2034 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a1b007d6-fb18-45d1-9fcb-4ab9a2ec6815
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2033 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2032 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2031 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2030 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2029 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2028 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a5b8558-69bc-40eb-846c-afd1b1075aa8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2027 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2216da38-67b4-4fcf-8055-5854890967c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2026 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=897983c9-12d1-46a2-8c78-4ff8fd7d49e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2025 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=897983c9-12d1-46a2-8c78-4ff8fd7d49e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2024 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2023 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2022 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2021 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2020 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2019 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=391f3af5-1812-4ee2-8c0f-ef7c10c22d80
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2018 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4816c4d-5a92-446c-91fa-9fda6959e3a3
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2017 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4816c4d-5a92-446c-91fa-9fda6959e3a3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2016 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2015 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2014 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2013 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2012 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2011 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2010 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2009 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d215690a-581f-4b46-a14a-b735568802aa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2008 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2216da38-67b4-4fcf-8055-5854890967c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2007 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2006 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2005 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2004 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2003 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2002 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8dd0428-d262-401d-a2e9-791ec143703e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2001 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3baf0029-d074-409c-a52c-38ca597551ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2000 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4ae6f61a-66ab-428c-8058-ea552eaca1b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1999 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4ae6f61a-66ab-428c-8058-ea552eaca1b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1998 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1997 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1996 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1995 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1994 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1993 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=830596e6-9821-4b12-9212-30c3a007e068
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1992 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3baf0029-d074-409c-a52c-38ca597551ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1991 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1990 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1989 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1988 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1987 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1986 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d9b88c42-19e8-4bad-b3e9-ff4a3d2cb8fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAHcAQQB3AEEARABFAEEATgBRAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAEUAQQBNAFEAQQAxAEEARABBAEEATQB3AEEAMQBBAEQATQBBAE8AQQBBADIAQQBEAFkAQQBPAEEAQQA1AEEARABrAEEATQBBAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1985 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=182dee02-e4a0-469b-84dc-4a3ef0801731
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1984 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=290c1cab-6fa0-47a4-8b7d-c33434517d08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1983 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1982 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1981 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1980 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1979 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1978 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1977 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1976 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9f136d25-f8c1-469e-8a57-2d13bed62533
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1975 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=182dee02-e4a0-469b-84dc-4a3ef0801731
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1974 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1973 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1972 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1971 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1970 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1969 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=344e6a92-a77d-4155-97ca-1493fcdb500a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1968 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=867cdca6-5cf4-484a-92c6-34b95517166e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1967 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=867cdca6-5cf4-484a-92c6-34b95517166e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1966 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1965 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1964 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1963 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1962 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1961 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b60f7b8e-a87d-437f-a0c7-f191e64fc77e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANwAwADEANQAuADQANgAtADEAMQA1ADAAMwA1ADMAOAA2ADYAOAA5ADkAMAA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1960 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=69c761a6-9bec-45b0-885c-bc00d66dddc3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1959 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=715c061e-3278-49b6-bd80-e85ceb2990f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1958 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=715c061e-3278-49b6-bd80-e85ceb2990f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1957 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1956 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1955 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1954 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1953 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1952 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74cd9559-b025-42db-aec9-346143d07f60
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA3ADAAMQA1AC4ANAA2AC0AMQAxADUAMAAzADUAMwA4ADYANgA4ADkAOQAwADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1951 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=69c761a6-9bec-45b0-885c-bc00d66dddc3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1950 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1949 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1948 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1947 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1946 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1945 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dbe8f71-446e-4d4b-8d2e-0a453e4dcb4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADMAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE0AUQBBAHgAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATQB3AEEANABBAEQAWQBBAE4AZwBBADQAQQBEAGsAQQBPAFEAQQB3AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1944 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=168f3d37-4360-4385-a9db-0a6e572f683e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1943 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c3d0ad6-a4cb-4940-a597-07f0df163e58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1942 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1941 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1940 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1939 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1938 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1937 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1936 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1935 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea78996d-b870-4923-8d91-2c1ed9d223d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1934 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=168f3d37-4360-4385-a9db-0a6e572f683e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1933 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1932 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1931 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1930 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1929 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1928 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15353fcf-aeb3-483e-9a00-ce0cd18f1faa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1927 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55a16875-886f-4d6e-aea2-3551ecebb834
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1926 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=186a3e9e-4c1a-428d-97d0-998bec05ec43
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1925 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=186a3e9e-4c1a-428d-97d0-998bec05ec43
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1924 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1923 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1922 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1921 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1920 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1919 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2379160d-8d07-4c31-aff9-af9309f391ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1918 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e58305b2-67a3-4156-8cf7-1c5718773353
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1917 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e58305b2-67a3-4156-8cf7-1c5718773353
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1916 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1915 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1914 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1913 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1912 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1911 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1910 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1909 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2fe24623-3adc-4a09-a50d-cf907fabddac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1908 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55a16875-886f-4d6e-aea2-3551ecebb834
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1907 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1906 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1905 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1904 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1903 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1902 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df57c01a-ea60-462d-ae68-a6674f2a01db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1901 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=34f2e1a7-985e-42ac-b1fb-4598880ae2b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1900 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fd8ec201-e021-4edb-8c47-b4474f1fd00c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1899 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1898 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1897 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1896 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1895 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1894 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1893 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1892 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=101a3546-a2b0-442b-ad17-e11e13e43506
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1891 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=34f2e1a7-985e-42ac-b1fb-4598880ae2b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1890 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1889 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1888 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1887 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1886 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1885 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ee16a7c-ab37-4ef6-9048-a570b4101cca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1884 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=97caf5c0-d61c-480e-8695-7811877f2caf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1883 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=85c40b53-b96d-4ac0-8de2-3cd388a0cfb6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1882 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=85c40b53-b96d-4ac0-8de2-3cd388a0cfb6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1881 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1880 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1879 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1878 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1877 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1876 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99572329-2734-40df-bbc2-193916212570
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1875 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=528d901a-bf3a-433e-9c26-b7a6e2dfb182
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1874 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=528d901a-bf3a-433e-9c26-b7a6e2dfb182
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1873 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1872 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1871 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1870 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1869 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1868 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1867 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1866 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9d714a7-5ed1-44be-a7ca-6210173ed792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1865 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=97caf5c0-d61c-480e-8695-7811877f2caf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1864 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1863 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1862 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1861 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1860 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1859 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3d98545-3ee4-46b6-a76e-d35f75a1f3ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1858 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=37927ed4-cd9c-4c76-b62b-8e4115084476
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1857 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bee88e68-681c-414e-9ce9-fa49a37fd829
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1856 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bee88e68-681c-414e-9ce9-fa49a37fd829
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1855 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1854 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1853 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1852 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1851 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1850 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a4384e3-73b7-4c4c-b8fc-76dc3afc328a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1849 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=37927ed4-cd9c-4c76-b62b-8e4115084476
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1848 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1847 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1846 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1845 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1844 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1843 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab8b8eed-9454-472a-9ec8-59cb73f6689b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAzAEEARABRAEEATgBnAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAFEAQQBNAFEAQQB3AEEARABNAEEATwBRAEEAMABBAEQAawBBAE0AUQBBAHcAQQBEAEkAQQBPAFEAQQAyAEEARABjAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1842 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ddfe2a45-f976-495f-92a8-6789e5b0a6fb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1841 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c1494396-cb2c-463a-b0fd-2f08686cf77b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1840 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1839 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1838 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1837 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1836 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1835 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1834 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1833 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f96c44e3-62a5-4627-bfe1-6e423795682b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1832 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ddfe2a45-f976-495f-92a8-6789e5b0a6fb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1831 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1830 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1829 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1828 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1827 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1826 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=141e25bd-78c0-4c29-852b-2bec2e6d204a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1825 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1bd3893c-56e7-4e11-b09e-175568092eb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1824 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1bd3893c-56e7-4e11-b09e-175568092eb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1823 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1822 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1821 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1820 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1819 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1818 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ed3e36a-caa2-4849-b9d3-f5a6bac5bb98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA3ADQANgAuADYAOAAtADQAMQAwADMAOQA0ADkAMQAwADIAOQA2ADcANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1817 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=ec69df8a-511f-4d69-a7a8-1aa6be17a7cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1816 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=84f1688e-c520-466a-ab8b-568d3af0ed88
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1815 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=84f1688e-c520-466a-ab8b-568d3af0ed88
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1814 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1813 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1812 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1811 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1810 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1809 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=949fa14a-503b-4c6c-a608-915e85c980a4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADcANAA2AC4ANgA4AC0ANAAxADAAMwA5ADQAOQAxADAAMgA5ADYANwA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1808 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=ec69df8a-511f-4d69-a7a8-1aa6be17a7cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1807 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1806 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1805 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1804 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1803 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1802 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b261c94f-4cda-43f9-ab4f-b925706c6739
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAGMAQQBOAEEAQQAyAEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AQQBBAHgAQQBEAEEAQQBNAHcAQQA1AEEARABRAEEATwBRAEEAeABBAEQAQQBBAE0AZwBBADUAQQBEAFkAQQBOAHcAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1801 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3754ba1d-9dcd-44e8-bc19-00588e1efd4f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1800 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4157446e-42a2-46c5-bba7-aa9e2553d6f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1799 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1798 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1797 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1796 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1795 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1794 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1793 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1792 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=34e15a22-eae7-4449-ace6-72d6f99df99b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1791 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3754ba1d-9dcd-44e8-bc19-00588e1efd4f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1790 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1789 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1788 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1787 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1786 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1785 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d4f2d86-e296-47f6-8110-861908609dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1784 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e88f2016-f91c-45db-aa00-da75dcb9cf03
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1783 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=25144a58-53fb-4e8b-b830-05b9646d238d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1782 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=25144a58-53fb-4e8b-b830-05b9646d238d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1781 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1780 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1779 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1778 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1777 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1776 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f390ec23-041d-44fd-84df-976a52635dfa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1775 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2063b5bd-a205-4905-9682-35931df2bbb4
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1774 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2063b5bd-a205-4905-9682-35931df2bbb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1773 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1772 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1771 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1770 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1769 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1768 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1767 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1766 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba3a6fed-af98-4eb9-ab54-980799ba973d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1765 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e88f2016-f91c-45db-aa00-da75dcb9cf03
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1764 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1763 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1762 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1761 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1760 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1759 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0d89afa-d681-47f5-87ff-dfb9eba8627e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1758 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f194b204-3bd0-4859-bc4a-f3ae098c8421
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1757 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=957375be-2490-4a5d-a2d4-9ef981e2693d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1756 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=957375be-2490-4a5d-a2d4-9ef981e2693d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1755 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1754 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1753 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1752 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1751 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1750 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=238952b7-a042-4e0f-af1e-9396b0142f0f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1749 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68ee2336-8273-4d67-ae2e-c3cc5185a65b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1748 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68ee2336-8273-4d67-ae2e-c3cc5185a65b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1747 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1746 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1745 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1744 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1743 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1742 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1741 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1740 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4653a454-da6e-46a2-aa20-7e2961dd3c5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1739 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f194b204-3bd0-4859-bc4a-f3ae098c8421
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1738 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1737 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1736 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1735 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1734 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1733 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfd93f8a-bffd-4f34-b455-24062c3b5ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1732 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7158a290-18ad-4804-a8e6-ceb878285d95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1731 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=dd064098-9ee5-466c-aa38-e00c8e4139de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1730 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=dd064098-9ee5-466c-aa38-e00c8e4139de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1729 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1728 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1727 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1726 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1725 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1724 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf7a4db6-1286-42b3-8a7c-cf562c67c639
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1723 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c9f260b-2021-4953-9a80-e805ec7a41ea
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1722 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c9f260b-2021-4953-9a80-e805ec7a41ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1721 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1720 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1719 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1718 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1717 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1716 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1715 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1714 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=112ec7de-6c85-45f8-970f-e6b6ef7421a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1713 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7158a290-18ad-4804-a8e6-ceb878285d95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1712 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1711 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1710 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1709 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1708 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1707 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5293e26-6585-4a43-8aab-a2b549374ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1706 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:38:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=732982fb-9e7d-40f8-a915-94f7e388677e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1705 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=aa766963-82fe-4b56-8dea-7b0c338ed9e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1704 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=aa766963-82fe-4b56-8dea-7b0c338ed9e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1703 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1702 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1701 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1700 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1699 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1698 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21694ee8-7533-4828-94d5-217dd756102c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1697 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=39ed5329-f35b-40d5-a513-9c0414577f52
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1696 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=39ed5329-f35b-40d5-a513-9c0414577f52
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1695 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1694 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1693 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1692 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1691 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1690 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1689 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1688 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f7bfd8d-329a-4953-854b-1c3f83c41d0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1687 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=732982fb-9e7d-40f8-a915-94f7e388677e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1686 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1685 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1684 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1683 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1682 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1681 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d6e9f8d4-b5bf-401b-a8b0-e926f2fe9e4a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1680 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b4432e2-f7f3-4b5d-8640-29424a411ce7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1679 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=5.1.14393.1944
RunspaceId=0b0bcb79-3fb3-4d4a-b01c-abc97e6f95be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1678 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=5.1.14393.1944
RunspaceId=0b0bcb79-3fb3-4d4a-b01c-abc97e6f95be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1677 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1676 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1675 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1674 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1673 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1672 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e882c52-7914-4075-a59a-24209fae87aa
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAzAC4AMwAiACAAfAAgAFMAZQB0AC0AQwBvAG4AdABlAG4AdAAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1671 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87f38c9d-ab22-4837-8476-8ff9c5aaa4b5
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1670 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87f38c9d-ab22-4837-8476-8ff9c5aaa4b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1669 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1668 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1667 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1666 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1665 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1664 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1663 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1662 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b7e1e7b-6038-49bc-afb0-a98abf0c87bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1661 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b4432e2-f7f3-4b5d-8640-29424a411ce7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1660 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1659 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1658 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1657 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1656 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1655 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63db4a83-06aa-4d2e-b5af-c894b1373988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1654 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=200b38a6-46b5-4c92-a7d3-9d21103354ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1653 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1e9be166-8c74-411c-9e56-8d9c86591b16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1652 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1e9be166-8c74-411c-9e56-8d9c86591b16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1651 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1650 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1649 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1648 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1647 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1646 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=348094af-e84c-4df5-a66e-e5f69c6e486d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1645 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=200b38a6-46b5-4c92-a7d3-9d21103354ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1644 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1643 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1642 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1641 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1640 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1639 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11f88326-8ca6-4ca6-be1a-517d0332e17c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQAyAEEARABVAEEATgBRAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQAyAEEARABVAEEATgB3AEEAdwBBAEQAQQBBAE0AdwBBAHcAQQBEAGsAQQBPAEEAQQB4AEEARABJAEEATQB3AEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1638 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b249461c-b725-42f0-86d7-843eb8ef20e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1637 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=159b76dd-6c13-4b6f-b5f4-97e2fef963a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1636 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1635 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1634 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1633 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1632 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1631 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1630 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1629 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c20e7ab-9a2f-4937-af74-b78ae7ee7d04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1628 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b249461c-b725-42f0-86d7-843eb8ef20e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1627 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1626 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1625 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1624 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1623 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1622 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=815f9868-e1af-45a4-88d2-91fc558f09ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1621 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=0d58be2c-cb28-4906-928c-1e5e6b303d38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1620 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=0d58be2c-cb28-4906-928c-1e5e6b303d38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1619 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1618 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1617 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1616 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1615 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1614 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=12b1bfcc-e0ca-42a2-b118-25011392219b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgA2ADUANQAuADkANwAtADIANAA2ADUANwAwADAAMwAwADkAOAAxADIAMwAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1613 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5dcaffd8-3b4c-4b9c-9d7c-71b1868363e3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1612 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=81427ac8-276b-480e-ba62-38d0aeebb8b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1611 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=81427ac8-276b-480e-ba62-38d0aeebb8b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1610 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1609 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1608 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1607 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1606 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1605 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e5858dc-0d52-4ae5-b0c9-0fdf05711175
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADYANQA1AC4AOQA3AC0AMgA0ADYANQA3ADAAMAAzADAAOQA4ADEAMgAzADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1604 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5dcaffd8-3b4c-4b9c-9d7c-71b1868363e3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1603 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1602 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1601 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1600 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1599 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1598 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9eb7d24e-9258-4d73-8b76-5c807bf87c3e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAFkAQQBOAFEAQQAxAEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAFkAQQBOAFEAQQAzAEEARABBAEEATQBBAEEAegBBAEQAQQBBAE8AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1597 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e930c08b-8f3d-4c45-9e1c-969d3e0a1679
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1596 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=596f96d6-12b7-4533-8199-2a0b8554f450
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1595 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1594 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1593 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1592 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1591 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1590 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1589 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1588 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5631c9aa-ddf5-4c47-b8f6-c2df5ae4825d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1587 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e930c08b-8f3d-4c45-9e1c-969d3e0a1679
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1586 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1585 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1584 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1583 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1582 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1581 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b26db0-8563-4d2b-bd3c-01027f19911d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1580 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ee42aad-c56e-41a3-b867-14194bf037d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1579 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=5.1.14393.1944
RunspaceId=49c66248-510e-4710-a514-8433f1a7463f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1578 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:37:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=5.1.14393.1944
RunspaceId=49c66248-510e-4710-a514-8433f1a7463f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1577 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1576 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1575 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1574 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1573 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1572 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8faa60a8-2ccb-4e68-9d30-c7677c25f8c6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgBiAGUAYQBhADcAMwBiADEAZgA3ADMAZQA0AGQAOQBkAGIAMQA2AGYAZABjADUANwBhAGQANAA2ADQANQAwADIAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbwBzAC0AdwBpAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1571 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7f2a4801-26fb-412b-b18b-cb3dd56505c3
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1570 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7f2a4801-26fb-412b-b18b-cb3dd56505c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1569 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1568 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1567 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1566 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1565 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1564 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1563 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1562 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc5da8f4-5bc3-4cbf-a308-d08f242daff9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1561 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ee42aad-c56e-41a3-b867-14194bf037d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1560 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1559 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1558 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1557 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1556 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1555 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1ee87fba-6ba7-485a-b9d5-2f9889f54c2b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1554 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7cf0b71c-fd6e-4598-9990-c2408b5a24f1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1553 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b25aaa2e-6bb8-4f50-9c35-4df3ee70ce2f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1552 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b25aaa2e-6bb8-4f50-9c35-4df3ee70ce2f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1551 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1550 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1549 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1548 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1547 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1546 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=63a50cc1-d8d6-41dd-8cc2-ccbe4e4a03e8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1545 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7cf0b71c-fd6e-4598-9990-c2408b5a24f1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1544 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1543 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1542 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1541 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1540 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1539 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c805042d-afc8-4ce0-93c4-cdeb21074226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEkAQQBNAGcAQQB5AEEARABBAEEATgBnAEEAMQBBAEQAQQBBAE0AQQBBADQAQQBEAFUAQQBNAEEAQQAwAEEARABrAEEATQBBAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1538 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa7300f9-70c9-4e86-929f-69dab56d6fab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1537 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=36c20aa2-9ea0-4b76-b588-469da0a5c0f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1536 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1535 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1534 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1533 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1532 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1531 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1530 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1529 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b783d02-57f0-4f3a-92a0-01ea1b01efb6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1528 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa7300f9-70c9-4e86-929f-69dab56d6fab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1527 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1526 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1525 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1524 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1523 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1522 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1d64dfe-0c3e-47b4-936f-8353bc110d92
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1521 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=caa80691-9f2a-4c23-8365-3f962fd6fb1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1520 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=caa80691-9f2a-4c23-8365-3f962fd6fb1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1519 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1518 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1517 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1516 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1515 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1514 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36c72cf9-9a82-43de-b55a-6b40c2f2f661
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANgAxADYAMwAuADgANgAtADIAMgAyADAANgA1ADAAMAA4ADUAMAA0ADkAMAAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1513 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=c8f0d7e9-39c0-4274-924b-f99969b8fd2c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1512 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7fb9f184-c725-4256-92e9-8524cfd5b3d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1511 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7fb9f184-c725-4256-92e9-8524cfd5b3d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1510 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1509 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1508 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1507 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1506 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1505 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=828f83a2-764a-4c1e-932f-b72bf3c55d87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA2ADEANgAzAC4AOAA2AC0AMgAyADIAMAA2ADUAMAAwADgANQAwADQAOQAwADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1504 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=c8f0d7e9-39c0-4274-924b-f99969b8fd2c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1503 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1502 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1501 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1500 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1499 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1498 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85affe77-69ba-47cb-b217-bbc11eafd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADIAQQBEAEUAQQBOAGcAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AZwBBAHkAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBBAEEAdwBBAEQAZwBBAE4AUQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1497 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3b966367-83d7-4b92-9aaf-216123f9536f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1496 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e8c084f-ebbd-4e70-b1f8-7e6737afd308
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1495 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1494 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1493 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1492 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1491 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1490 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1489 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1488 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=051a7830-f1b1-445c-ad31-5dc92ce3ab90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1487 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3b966367-83d7-4b92-9aaf-216123f9536f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1486 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1485 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1484 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1483 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1482 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1481 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=429325b5-9e04-45e2-82e5-2954c391800e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1480 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3929264f-0ef3-4fbe-b220-5a06e5a8bda9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1479 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=41e9df61-d85c-4c50-a474-88871a044550
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1478 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1477 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1476 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1475 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1474 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1473 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1472 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1471 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc3f690e-bf15-454e-97dd-995a12982368
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1470 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3929264f-0ef3-4fbe-b220-5a06e5a8bda9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1469 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1468 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1467 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1466 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1465 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1464 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=275a1190-402c-4dae-a52c-69e2bdd48b8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1463 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0422a749-21fe-4ba7-8a24-c504319e8c2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1462 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:29:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=191a0401-c035-4f84-a687-bbba69b207a4
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1461 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=191a0401-c035-4f84-a687-bbba69b207a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1460 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1459 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1458 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1457 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1456 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1455 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1454 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1453 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=583d2c32-6125-41a7-a80c-edabc79f804a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1452 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0422a749-21fe-4ba7-8a24-c504319e8c2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1451 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1450 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1449 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1448 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1447 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1446 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7fe332d-49be-4240-9120-2c476be74b12
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1445 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eef281be-edb6-4bfd-bc70-2f8330551c95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1444 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dc836cb4-a7cb-4ef3-9dc0-4a9c42f7015a
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1443 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dc836cb4-a7cb-4ef3-9dc0-4a9c42f7015a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1442 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1441 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1440 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1439 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1438 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1437 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1436 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1435 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5283d24b-082e-424c-bad0-6ce8a448e334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1434 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eef281be-edb6-4bfd-bc70-2f8330551c95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1433 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1432 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1431 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1430 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1429 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1428 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=916fe229-6484-4fd3-b464-96add8fc615d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1427 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a664c0d-a7cd-4461-81ba-30d8fc107eb3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1426 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a416f24-553c-46fd-a3ad-71ffdce0c692
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1425 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1424 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1423 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1422 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1421 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1420 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1419 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1418 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89f57db0-d29a-4789-a382-341717630cef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1417 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a664c0d-a7cd-4461-81ba-30d8fc107eb3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1416 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1415 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1414 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1413 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1412 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1411 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fcb5b73-d01b-4141-86ee-ed44f1aa2972
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1410 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e23d0c2e-0bc4-4bd2-9431-fc6c42ffa402
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1409 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=5a7cbf71-75d3-4b61-b90a-a8756327470e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1408 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=5a7cbf71-75d3-4b61-b90a-a8756327470e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1407 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1406 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1405 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1404 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1403 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1402 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf63d9b9-b7ee-4787-b888-412d30a0a135
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1401 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=503a1831-05a7-4c52-a49f-9e81f4954174
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1400 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=503a1831-05a7-4c52-a49f-9e81f4954174
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1399 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1398 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1397 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1396 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1395 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1394 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1393 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1392 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0175d164-75ce-4b38-9884-65839fe94fc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1391 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e23d0c2e-0bc4-4bd2-9431-fc6c42ffa402
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1390 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1389 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1388 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1387 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1386 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1385 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28edc4e4-b2d2-4631-8ae3-4a74924fa3ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1384 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a67f6ba2-0698-44f7-913e-a5b4b3349f20
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1383 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=b1c13099-7490-4d6d-896f-1c712cb47bdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1382 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=b1c13099-7490-4d6d-896f-1c712cb47bdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1381 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1380 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1379 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1378 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1377 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1376 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b92b4c2-c778-4c0b-b4ac-093d9f427c50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1375 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb698d65-a252-4921-9645-7e99bb15ac11
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1374 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb698d65-a252-4921-9645-7e99bb15ac11
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1373 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1372 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1371 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1370 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1369 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1368 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1367 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1366 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=244d55d9-918a-4e54-986d-7b0369c5d8b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1365 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a67f6ba2-0698-44f7-913e-a5b4b3349f20
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1364 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1363 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1362 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1361 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1360 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1359 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10210dff-348c-4d31-a4c9-802c2e8fce44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1358 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=360eae89-8f17-45f2-a438-60e4cfbf08f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1357 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=11202080-47e4-4b2c-b9c1-e201d4602d38
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1356 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=11202080-47e4-4b2c-b9c1-e201d4602d38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1355 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1354 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1353 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1352 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1351 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1350 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1349 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1348 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5d245b-84c1-473a-9b42-fe167ccd5b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1347 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=360eae89-8f17-45f2-a438-60e4cfbf08f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1346 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1345 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1344 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1343 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1342 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1341 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57324d72-8cea-4a8c-ac30-be1144801a38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1340 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=175c730f-be54-484c-8b5a-465d297cea22
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1339 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc9ae677-af29-4bd3-95d4-77ef6edc7a47
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1338 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc9ae677-af29-4bd3-95d4-77ef6edc7a47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1337 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1336 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1335 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1334 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1333 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1332 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1331 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1330 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f03de31-3b99-43fa-8be2-f0294980f1e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1329 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=175c730f-be54-484c-8b5a-465d297cea22
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1328 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1327 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1326 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1325 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1324 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1323 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be17a46-49a3-49e3-ad77-6db143c382fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1322 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=537b43b2-2b11-47b2-b57a-557619982041
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1321 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3d51dfd2-c8ae-4ecc-8d46-625b82fb0434
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1320 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1319 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1318 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1317 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1316 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1315 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1314 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1313 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=24ceeacd-d024-421e-a56c-b082dc69d109
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1312 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=537b43b2-2b11-47b2-b57a-557619982041
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1311 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1310 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1309 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1308 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1307 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1306 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56c6a72d-a781-4795-8abd-3e25ddb8fe2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1305 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c45798d7-4097-4860-86cf-191b4cf70e95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1304 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=b6c07fc7-5d2d-4c5d-ba4b-ed45f37895ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1303 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=b6c07fc7-5d2d-4c5d-ba4b-ed45f37895ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1302 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1301 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1300 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1299 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1298 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1297 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4c44a16-ab9e-4832-9251-b9d744dac3ad
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1296 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d1dab897-d3a7-4c0d-9fcd-aaea80451ec6
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1295 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:27:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d1dab897-d3a7-4c0d-9fcd-aaea80451ec6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1294 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1293 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1292 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1291 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1290 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1289 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1288 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1287 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52a68f91-8bd6-4751-948e-705ad0df5fb5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1286 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c45798d7-4097-4860-86cf-191b4cf70e95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1285 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1284 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1283 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1282 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1281 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1280 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee4e9918-b509-4dc0-b18f-e55962db55c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1279 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=edf02c41-6e43-4598-89f5-217cc54c9e09
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1278 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5e6a326e-d827-4c3e-a985-e2a15a4bd128
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1277 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5e6a326e-d827-4c3e-a985-e2a15a4bd128
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1276 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1275 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1274 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1273 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1272 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1271 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1270 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1269 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=011efd88-9f83-41a6-a8b5-a4f8f4da05a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1268 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=edf02c41-6e43-4598-89f5-217cc54c9e09
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1267 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1266 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1265 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1264 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1263 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1262 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68870c55-48d1-4779-b354-1a11f57d0afa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1261 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca993d4c-0cf9-4054-8432-9d4834121b3c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1260 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=462a31bb-9d8e-49f3-a9c7-ab7023b26964
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1259 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1258 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1257 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1256 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1255 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1254 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1253 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1252 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cec27408-c773-44e8-a2be-190f529e0b4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1251 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca993d4c-0cf9-4054-8432-9d4834121b3c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1250 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1249 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1248 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1247 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1246 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1245 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39422087-c0a3-4304-aafa-e0813acaa3f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1244 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fd4e678-b66f-414c-a371-f3b94c10e255
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1243 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=ee2f94a8-17e9-470d-8fa7-06325b6c87c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1242 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=ee2f94a8-17e9-470d-8fa7-06325b6c87c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1241 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1240 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1239 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1238 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1237 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1236 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c5d20e1a-b426-45cc-83bb-f408c0886b9e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1235 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0205eef7-4e31-45b0-9d1e-196b14e7911b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1234 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0205eef7-4e31-45b0-9d1e-196b14e7911b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1233 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1232 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1231 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1230 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1229 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1228 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1227 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1226 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=459c233c-6e60-4808-9fd3-143fcfddb78d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1225 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fd4e678-b66f-414c-a371-f3b94c10e255
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1224 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1223 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1222 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1221 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1220 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1219 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84fc80c4-a83e-4da6-8125-5e0439c78fb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1218 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fb86d74-22a2-4b92-9cfb-b72ccc1c1aab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1217 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5547b57-1ac0-4356-a51f-8cec3033ed4f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1216 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1215 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1214 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1213 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1212 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1211 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1210 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1209 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36601ec2-d5dd-4b8e-ab18-cd312c54a55d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1208 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fb86d74-22a2-4b92-9cfb-b72ccc1c1aab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1207 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1206 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1205 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1204 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1203 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1202 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4130b811-c1d1-409a-999c-d3f7b36732fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1201 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7996039-e593-4b08-8ba5-ad5e94bfadf2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1200 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=5dc99bd5-4919-4845-bdde-33d671318391
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1199 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=5dc99bd5-4919-4845-bdde-33d671318391
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1198 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1197 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1196 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1195 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1194 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1193 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ebfed6f-09d8-409f-ab3f-c2d925e566a7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1192 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61ac38a7-8821-4d4b-93e7-53437a196cba
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1191 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61ac38a7-8821-4d4b-93e7-53437a196cba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1190 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1189 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1188 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1187 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1186 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1185 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1184 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1183 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da4fdc5-edf4-45e8-832a-af447cbfed3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1182 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:26:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7996039-e593-4b08-8ba5-ad5e94bfadf2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1181 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1180 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1179 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1178 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1177 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1176 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdcf3379-efa7-4be4-acf3-18cba7872a30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1175 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=efeefb4f-92fa-4d61-8413-e98db55c484b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1174 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c87c1dae-22e1-4168-944f-98f1413ac23e
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1173 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c87c1dae-22e1-4168-944f-98f1413ac23e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1172 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1171 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1170 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1169 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1168 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1167 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1166 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1165 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab4dd454-0b65-4ac9-9f56-24779a159251
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1164 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=efeefb4f-92fa-4d61-8413-e98db55c484b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1163 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1162 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1161 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1160 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1159 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1158 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=84638607-65c3-4b62-9591-f8f27a4f07b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1157 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f34e42c4-7270-414e-a363-76a1a803263c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1156 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=175256ba-ceff-4dfc-bd3c-3a235de8e90b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1155 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1154 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1153 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1152 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1151 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1150 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1149 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1148 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=376870cd-f1f3-4fce-8fd1-645bd3eb19c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1147 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f34e42c4-7270-414e-a363-76a1a803263c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1146 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1145 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1144 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1143 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1142 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1141 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75e7b54b-a8f3-4d5d-aa67-16c948305110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1140 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4914e532-745f-4988-9c9f-f45120b62d19
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1139 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=604df425-a455-48fd-a51c-dfb8325c7535
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1138 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=604df425-a455-48fd-a51c-dfb8325c7535
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1137 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1136 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1135 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1134 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1133 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1132 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5ff720d-0832-496a-a2cc-dc7ec1c06076
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1131 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4914e532-745f-4988-9c9f-f45120b62d19
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1130 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1129 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1128 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1127 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1126 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1125 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17b2c41b-18f3-47b6-8702-c562bc813cea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABRAEEATwBBAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABVAEEATQBnAEEAegBBAEQATQBBAE4AUQBBADUAQQBEAGMAQQBPAFEAQQB6AEEARABRAEEATQBRAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1124 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cc9ed1a1-85db-4f42-8c6d-4057baa936df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1123 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=51ab26d6-9a2f-4815-8392-ed41ba20c120
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1122 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1121 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1120 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1119 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1118 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1117 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1116 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1115 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53fdcdb1-ff68-4818-a3ec-52fe4e8b271b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1114 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cc9ed1a1-85db-4f42-8c6d-4057baa936df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1113 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1112 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1111 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1110 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1109 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1108 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=303bba7b-bca7-44e2-a4ea-529c067ff9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1107 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=5b49af44-fdbc-4b8a-8e5d-96732c569936
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1106 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=5b49af44-fdbc-4b8a-8e5d-96732c569936
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1105 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1104 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1103 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1102 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1101 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1100 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1b87d77-95ef-49e4-b26e-b12547521166
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADQAOAAuADYAOAAtADIAMAA2ADUAMgAzADMANQA5ADcAOQAzADQAMQA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1099 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7122926d-f5c0-48ce-bdaa-b7c8d555971b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1098 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=01c52f43-9784-4b5b-9c1a-278a1c052a6d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1097 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=01c52f43-9784-4b5b-9c1a-278a1c052a6d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1096 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1095 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1094 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1093 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1092 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1091 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8294411e-49ee-4393-a75a-1e26eeb2d965
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkANAA4AC4ANgA4AC0AMgAwADYANQAyADMAMwA1ADkANwA5ADMANAAxADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1090 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7122926d-f5c0-48ce-bdaa-b7c8d555971b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1089 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1088 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1087 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1086 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1085 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1084 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa9a2553-6c68-43eb-9ee0-78982cfddc0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBOAEEAQQA0AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAFEAQQB5AEEARABNAEEATQB3AEEAMQBBAEQAawBBAE4AdwBBADUAQQBEAE0AQQBOAEEAQQB4AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1083 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da6b661e-8122-4fff-bcda-d1fbba6a1bc0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1082 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2299253a-1ff3-4770-af98-83fa59c63c26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1081 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1080 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1079 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1078 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1077 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1076 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1075 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1074 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20d2ebdf-7483-43d9-9813-85665ed1d5a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1073 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da6b661e-8122-4fff-bcda-d1fbba6a1bc0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1072 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1071 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1070 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1069 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1068 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1067 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b153f0ba-c42b-4d4e-853a-63ddd4314c04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1066 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f31224d-bbfc-4920-bf45-8074f18f6fee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1065 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=4f16dc38-3b95-4041-9457-973c7e30457a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1064 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=4f16dc38-3b95-4041-9457-973c7e30457a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1063 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1062 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1061 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1060 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1059 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1058 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f059d77-10e9-4843-b0fc-0f4c7ad4232f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAAIAAtAC0AbgBvAC0AcwBlAHQAdQBwAHQAbwBvAGwAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1057 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0061d46-00c4-4dc1-be98-742c9b59d595
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1056 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0061d46-00c4-4dc1-be98-742c9b59d595
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1055 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1054 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1053 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1052 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1051 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1050 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1049 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1048 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79e03eae-91f7-4444-97a6-880e926de66c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1047 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f31224d-bbfc-4920-bf45-8074f18f6fee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1046 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1045 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1044 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1043 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1042 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1041 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=01cada24-11c3-43ab-b227-5f8ff9b7d81b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1040 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f3f02062-da60-4484-8409-9b82ae3d318b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1039 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=61b0ffaf-4a80-48bf-b844-7132f016b7ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1038 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=61b0ffaf-4a80-48bf-b844-7132f016b7ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1037 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1036 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1035 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1034 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1033 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1032 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1d59e0-8b48-4c57-be03-44b676412adb
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1031 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f3f02062-da60-4484-8409-9b82ae3d318b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1030 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1029 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1028 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1027 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1026 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1025 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c83399bf-e232-459a-afbc-8aca7165eb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA1AEEARABJAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAGcAQQAxAEEARABVAEEATwBRAEEAMQBBAEQAZwBBAE0AQQBBADIAQQBEAFEAQQBOAHcAQQB3AEEARABnAEEATwBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1024 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=429514a9-914f-47fb-ac0f-167aaad82892
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1023 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b6837ffe-23fe-450e-add8-e15d6d164b7b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1022 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1021 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1020 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1019 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1018 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1017 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1016 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1015 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e5f1dd3-6bd4-4490-a814-9503e8f31226
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1014 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=429514a9-914f-47fb-ac0f-167aaad82892
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1013 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1012 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1011 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1010 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1009 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1008 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=68c4dbf3-e3bf-44b7-9a0f-d7a98fc28ea9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1007 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=846ca298-e9d3-47ad-b488-a6311817fe1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1006 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=846ca298-e9d3-47ad-b488-a6311817fe1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1005 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1004 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1003 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1002 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1001 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1000 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d1a66de-a44e-409a-b300-bca7a19d4ff6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA5ADIAMgAuADcAMwAtADIAMgA1ADUAOQA1ADgAMAA2ADQANwAwADgAOAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 999 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cdcb6463-e3a2-4029-8921-f94efef879d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 998 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a72d504e-8b41-4a21-a24a-1a69a16f0de9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 997 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a72d504e-8b41-4a21-a24a-1a69a16f0de9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 996 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 995 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 994 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 993 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 992 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 991 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08e40920-7283-4396-a74b-cff69c67d728
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADkAMgAyAC4ANwAzAC0AMgAyADUANQA5ADUAOAAwADYANAA3ADAAOAA4ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 990 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cdcb6463-e3a2-4029-8921-f94efef879d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 989 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 988 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 987 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 986 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 985 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 984 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fde249e9-c2d0-42f1-b9d3-3c2f48c56018
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGsAQQBNAGcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHkAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATwBBAEEAdwBBAEQAWQBBAE4AQQBBADMAQQBEAEEAQQBPAEEAQQA0AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 983 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=26240f27-6ccb-47b5-957f-a78390cb5a59
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 982 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0d53c3c8-5a21-4137-9f5b-f23a803381d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 981 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 980 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 979 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 978 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 977 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 976 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 975 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 974 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8220b94a-f5a6-4a65-afe2-7de066b3b86f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 973 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=26240f27-6ccb-47b5-957f-a78390cb5a59
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 972 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 971 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 970 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 969 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 968 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 967 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bc1a7f4-76e7-46b7-a6a9-075e7c834f60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 966 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5d96949e-6fc7-4644-b2fc-92bf010c304a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 965 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74fa6330-32e6-4caf-bf2a-4ca4075ec113
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 964 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74fa6330-32e6-4caf-bf2a-4ca4075ec113
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 963 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 962 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 961 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 960 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 959 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 958 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 957 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 956 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32562091-7410-4bea-a1c4-d1aa594319e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 955 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5d96949e-6fc7-4644-b2fc-92bf010c304a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 954 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 953 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 952 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 951 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 950 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 949 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90e5bf1f-ea39-402c-b594-6c20e20fcb32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 948 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cad00a8-4427-459e-83f3-0256e65f200e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 947 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=060f4bb2-0b9d-427b-b742-e7a7aae9ceaa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 946 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 945 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 944 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 943 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 942 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 941 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 940 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 939 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=86162420-5679-421a-b8d2-4018412bdbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 938 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cad00a8-4427-459e-83f3-0256e65f200e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 937 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 936 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 935 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 934 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 933 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 932 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=131b188f-8647-416e-8106-5cd39f74978e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 931 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:25:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c97afba7-e86c-474e-94b3-464b3cd6f928
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 930 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b543ce8-cf1d-4dff-bbd8-e5446dd9b27f
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 929 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b543ce8-cf1d-4dff-bbd8-e5446dd9b27f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 928 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 927 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 926 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 925 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 924 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 923 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 922 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 921 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98ad1269-e80d-431a-a80b-f911522b1978
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 920 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c97afba7-e86c-474e-94b3-464b3cd6f928
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 919 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 918 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 917 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 916 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 915 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 914 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=418e0361-1bf3-4546-8546-df169879a41d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 913 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ceb93363-4cfb-4351-a2e7-e81d7a8ee8c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 912 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fe0c032c-8e63-4768-b05d-a7351e57b889
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 911 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fe0c032c-8e63-4768-b05d-a7351e57b889
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 910 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 909 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 908 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 907 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 906 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 905 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 904 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 903 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c7a5c48-d2c4-4722-828c-020803f37578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 902 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ceb93363-4cfb-4351-a2e7-e81d7a8ee8c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 901 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 900 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 899 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 898 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 897 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 896 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf220663-2531-417f-8c0d-dd653562f765
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 895 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e7fc8b9a-beec-48f4-bb69-12966a81d965
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 894 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=30ffa588-262c-4602-9e7c-b2fd70a226d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 893 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 892 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 891 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 890 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 889 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 888 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 887 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 886 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2de915-928d-4af2-bacc-8695ed57494e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 885 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e7fc8b9a-beec-48f4-bb69-12966a81d965
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 884 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 883 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 882 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 881 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 880 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 879 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d136a87d-adb7-43b1-ac19-9311c3a1e3db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 878 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b6c6cb27-39b2-4a1c-a243-dcb4d06bb9ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 877 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6a747053-1ea8-4a84-aa13-1453cdaf452b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 876 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 875 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 874 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 873 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 872 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 871 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 870 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 869 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=13d9b293-3389-4e72-922f-5bc2f52293cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 868 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b6c6cb27-39b2-4a1c-a243-dcb4d06bb9ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 867 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 866 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 865 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 864 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 863 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 862 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1b26255f-62ca-48a8-a459-e6e3bef46b04
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 861 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90a5e299-f775-46cf-8de0-2a5b71734b08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 860 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43e28b7a-ece4-4cab-96d7-b51aa40aade8
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 859 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43e28b7a-ece4-4cab-96d7-b51aa40aade8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 858 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 857 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 856 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 855 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 854 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 853 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 852 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 851 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d402c9b5-eb24-4e16-a8e3-21ca823cb447
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 850 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90a5e299-f775-46cf-8de0-2a5b71734b08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 849 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 848 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 847 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 846 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 845 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 844 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42523380-627d-4f30-9f7f-f69dc4579289
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 843 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:24:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0fbdf560-f2e2-4796-bbd1-ef8e7065b75e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 842 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a34b60b4-8b87-406f-a7f5-1761f6775b40
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 841 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a34b60b4-8b87-406f-a7f5-1761f6775b40
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 840 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 839 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 838 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 837 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 836 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 835 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 834 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 833 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ceb2aca-b634-45e9-9e8c-e9c94755774c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 832 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0fbdf560-f2e2-4796-bbd1-ef8e7065b75e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 831 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 830 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 829 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 828 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 827 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 826 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2788793-9e6e-4fb0-928b-16d66caf2ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 825 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d0035a4-8e92-442d-982c-d1041a5f7a81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 824 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0172e63-4ab5-4d2e-959e-7c26f3eb8405
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 823 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 822 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 821 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 820 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 819 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 818 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 817 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 816 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ea77340-0646-4cdb-9f83-16becd09cf98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 815 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d0035a4-8e92-442d-982c-d1041a5f7a81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 814 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 813 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 812 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 811 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 810 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 809 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa057df3-8dea-423d-9a8d-93b47e08b340
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 808 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7e74b901-7fec-450b-84a9-ea4141cb09f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 807 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=33906cf1-a18e-4f32-8ee4-d84d355497cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 806 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=33906cf1-a18e-4f32-8ee4-d84d355497cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 805 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 804 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 803 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 802 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 801 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 800 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=089aa3e8-74ea-4906-8c6c-1ebd7599c7f4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 799 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7e74b901-7fec-450b-84a9-ea4141cb09f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 798 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 797 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 796 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 795 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 794 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 793 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bafd5e6e-0040-4cb2-8b17-f3e218351cb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAEkAQQBOAFEAQQB4AEEARABnAEEATQBnAEEAeABBAEQAUQBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB3AEEARABjAEEATQBBAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 792 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0bd5ed3a-f752-4fc1-89c6-e313d9912a97
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 791 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bf170cf5-3f08-4f0f-aece-5371eba0d8e7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 790 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 789 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 788 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 787 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 786 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 785 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 784 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 783 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5236e289-8760-4a13-89ac-d7351b8bfb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 782 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0bd5ed3a-f752-4fc1-89c6-e313d9912a97
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 781 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 780 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 779 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 778 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 777 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 776 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb683fc6-9768-4244-a003-4d40982f0274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 775 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=30c578f0-f45d-4e43-92ed-d8a84715a592
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 774 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=30c578f0-f45d-4e43-92ed-d8a84715a592
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 773 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 772 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 771 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 770 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 769 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 768 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c93defa9-ab6a-40fa-9e71-263b499797e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADMAMQAuADYAMgAtADIANQAxADgAMgAxADQAMQAyADUAMQAwADcAMAAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 767 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fff8c393-f5cd-4cbf-86bc-91c66dea4b2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 766 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=525a02fc-4015-4509-9a67-1996eaca2d50
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 765 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 764 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 763 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 762 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 761 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 760 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 759 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 758 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36bd14f3-0ba3-4d72-958c-a394168e8c13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 757 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fff8c393-f5cd-4cbf-86bc-91c66dea4b2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 756 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 755 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 754 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 753 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 752 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 751 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd74b9cd-2972-4899-88d7-b9b14a6236d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 750 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=65df554b-a9f5-4254-98e0-b74462bbaeee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 749 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2d437cfb-4f1c-4e85-b1c3-9aee98da43bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 748 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2d437cfb-4f1c-4e85-b1c3-9aee98da43bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 747 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 746 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 745 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 744 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 743 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 742 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=27b79d21-710b-492b-a3e0-edb683fa3b0f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMwAxAC4ANgAyAC0AMgA1ADEAOAAyADEANAAxADIANQAxADAANwAwADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 741 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=65df554b-a9f5-4254-98e0-b74462bbaeee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 740 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 739 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 738 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 737 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 736 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 735 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35d24b7a-629f-452e-a89e-6886caf6ca0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE0AZwBBADEAQQBEAEUAQQBPAEEAQQB5AEEARABFAEEATgBBAEEAeABBAEQASQBBAE4AUQBBAHgAQQBEAEEAQQBOAHcAQQB3AEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 734 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3cbd7458-4b2c-4233-9ca9-a897cabe5957
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 733 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=bf9a9616-8218-4216-8044-8d0226172235
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 732 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=bf9a9616-8218-4216-8044-8d0226172235
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 731 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 730 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 729 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 728 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 727 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 726 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fd096a-f19d-423d-9e2c-8b98dd06f610
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 725 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3cbd7458-4b2c-4233-9ca9-a897cabe5957
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 724 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 723 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 722 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 721 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 720 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 719 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=67ecd321-ef13-4253-9b9e-a6cf60f64458
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATgBnAEEAdQBBAEQAawBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQA1AEEARABrAEEATgBRAEEANQBBAEQAQQBBAE8AQQBBAHoAQQBEAGcAQQBOAHcAQQA1AEEARABFAEEATQBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 718 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7eb05fcb-7387-415b-82cc-7b31fc51b1ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 717 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=28d0fbcc-db31-4b44-8412-9e4cbe0d5f0e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 716 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 715 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 714 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 713 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 712 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 711 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 710 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 709 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c4eb0851-338e-4d77-a27b-868d7568f46e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 708 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7eb05fcb-7387-415b-82cc-7b31fc51b1ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 707 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 706 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 705 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 704 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 703 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 702 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb3b25fa-e287-437b-8286-8dd6ded91f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 701 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bc1c58f1-a074-4ba1-b79d-89846ea09f66
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 700 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bc1c58f1-a074-4ba1-b79d-89846ea09f66
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 699 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 698 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 697 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 696 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 695 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 694 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c110422-056e-461e-bc83-fea95405be45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIANgAuADkANgAtADIAMQA5ADkANQA5ADAAOAAzADgANwA5ADEAMAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 693 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=51e7894a-9e9e-4b0e-92ac-eec46c2f5a77
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 692 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64b5ec4e-982d-42df-a548-36433411f61a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 691 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 690 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 689 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 688 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 687 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 686 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 685 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 684 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e403f37-b049-4110-902a-fccb3cb3ba98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 683 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=51e7894a-9e9e-4b0e-92ac-eec46c2f5a77
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 682 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 681 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 680 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 679 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 678 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 677 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2ecc083-a1bc-4912-b2a9-2fa398f05983
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 676 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=823b33b7-0a92-43ce-9345-b1643f099887
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 675 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fc9091a7-e79c-42a7-9164-5eee4d9da06e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 674 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fc9091a7-e79c-42a7-9164-5eee4d9da06e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 673 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 672 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 671 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 670 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 669 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 668 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec30057c-8530-4474-a91c-71c1938c3897
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgA2AC4AOQA2AC0AMgAxADkAOQA1ADkAMAA4ADMAOAA3ADkAMQAwADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 667 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=823b33b7-0a92-43ce-9345-b1643f099887
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 666 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 665 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 664 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 663 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 662 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 661 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53f4d041-c7cf-4bd9-af53-3a6c75acf1ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQAyAEEAQwA0AEEATwBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAGsAQQBPAFEAQQAxAEEARABrAEEATQBBAEEANABBAEQATQBBAE8AQQBBADMAQQBEAGsAQQBNAFEAQQB3AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 660 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5919471b-e40a-4522-84e4-a03a08009128
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 659 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4c15ad70-c3ff-4957-b618-94c0366eef33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 658 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4c15ad70-c3ff-4957-b618-94c0366eef33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 657 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 656 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 655 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 654 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 653 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 652 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=05911b1f-c829-40ec-a975-0876cbfafec5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 651 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5919471b-e40a-4522-84e4-a03a08009128
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 650 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 649 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 648 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 647 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 646 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 645 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6151e680-91bb-4915-af6e-14a4d17f7246
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQAVQBBAE4AUQBBADQAQQBEAE0AQQBOAFEAQQA0AEEARABJAEEATQBnAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB6AEEARABFAEEATwBRAEEANQBBAEQATQBBAE4AUQBBADQAQQBEAFEAQQBOAFEAQQAyAEEARABrAEEATgB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 644 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fbead032-8f2f-49d0-a178-180d3a81d8ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 643 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07292a94-7c13-4558-bec3-a989bed4091f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 642 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 641 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 640 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 639 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 638 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 637 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 636 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 635 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c03c4197-3bd2-4386-9f14-517148b079f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 634 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fbead032-8f2f-49d0-a178-180d3a81d8ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 633 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 632 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 631 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 630 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 629 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 628 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54538418-519b-41a4-ab4d-1781457fab71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 627 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c0db5ed-eb3c-4104-9fee-00fefbfc9f29
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 626 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c0db5ed-eb3c-4104-9fee-00fefbfc9f29
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 625 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 624 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 623 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 622 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 621 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 620 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b30adc0-5c8c-4f91-bfb8-ea0e26131436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADUANQA4ADMANQA4ADIAMgAuADMANwAtADIAMQAzADEAOQA5ADMANQA4ADQANQA2ADkANwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 619 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9bbdbd63-555d-4ed8-a230-a5468b7866b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 618 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=896d21c4-2d2f-464e-bff2-fdb56e8483d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 617 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 616 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 615 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 614 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 613 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 612 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 611 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 610 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9bd968df-f616-4521-a741-32447cb3110b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 609 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9bbdbd63-555d-4ed8-a230-a5468b7866b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 608 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 607 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 606 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 605 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 604 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 603 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94b9dd30-fd56-44e7-9dca-976e9f9509b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 602 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7dd00987-f346-4382-a379-bc85ebe4ecad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 601 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=407aed65-8da5-40c6-83a0-ae284892a494
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 600 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=407aed65-8da5-40c6-83a0-ae284892a494
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 599 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 598 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 597 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 596 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 595 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 594 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=227a652c-5f3c-45a4-8cfd-690f968ee8ae
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYANQA1ADgAMwA1ADgAMgAyAC4AMwA3AC0AMgAxADMAMQA5ADkAMwA1ADgANAA1ADYAOQA3ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 593 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7dd00987-f346-4382-a379-bc85ebe4ecad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 592 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 591 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 590 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 589 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 588 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 587 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f5c68f8-03df-487b-8487-a35f09d9c6e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATgBRAEEAMQBBAEQAZwBBAE0AdwBBADEAQQBEAGcAQQBNAGcAQQB5AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAE0AQQBNAFEAQQA1AEEARABrAEEATQB3AEEAMQBBAEQAZwBBAE4AQQBBADEAQQBEAFkAQQBPAFEAQQAzAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 586 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=060dd58e-c35f-469b-8adf-d30669ce136c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 585 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=36569126-bf65-4c60-8815-1df845c8d3c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 584 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 583 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 582 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 581 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 580 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 579 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 578 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 577 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5031d7d3-0858-47dc-8c5e-e9efaee4863a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 576 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=060dd58e-c35f-469b-8adf-d30669ce136c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 575 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 574 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 573 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 572 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 571 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 570 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2541e136-d650-49af-af7e-7d2e88deff7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 569 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f4afffc-c69a-44a0-b97c-927cac36d5db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 568 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4062bf63-27a8-4f98-9f67-f3c577db4158
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 567 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 566 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 565 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 564 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 563 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 562 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 561 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 560 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a47c5ff4-0ac9-42d9-a9f5-99bd4705ac4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 559 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f4afffc-c69a-44a0-b97c-927cac36d5db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 558 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 557 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 556 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 555 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 554 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 553 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8028f098-e4d3-49ef-b2f3-eb1f8de43417
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 552 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=904ccdd7-714e-4aed-a8e2-a6afe717302c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 551 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cba4752c-ba29-42ff-a145-9c0b977b3e21
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 550 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cba4752c-ba29-42ff-a145-9c0b977b3e21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 549 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 548 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 547 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 546 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 545 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 544 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 543 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 542 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fc8e985-d454-4123-9d4a-36e9bf607121
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 541 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=904ccdd7-714e-4aed-a8e2-a6afe717302c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 540 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 539 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 538 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 537 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 536 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 535 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eefa7686-6a9f-4150-b847-2ae423d45cc2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 534 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4f9aafd2-03f1-40b2-a054-32e9401ea369
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 533 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e976b108-f528-438f-8073-8941f589f977
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 532 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 531 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 530 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 529 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 528 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 527 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 526 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 525 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8237b63a-fad0-4460-b1d5-9bc0c81e3ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 524 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4f9aafd2-03f1-40b2-a054-32e9401ea369
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 523 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 522 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 521 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 520 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 519 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 518 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3524b141-a90f-40b3-aea9-b3dad5c9d3f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 517 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee5ddf6a-0716-4f43-a736-67a7ce6719af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 516 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3ff48c7-5cb6-4df2-8afb-c306061d9f10
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 515 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 514 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 513 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 512 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 511 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 510 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 509 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 508 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad41674b-20b1-4ccc-8ad6-102de7723d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 507 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee5ddf6a-0716-4f43-a736-67a7ce6719af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 506 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 505 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 504 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 503 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 502 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 501 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb98631d-88a8-45cd-b009-f8a103365a7b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 500 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc7e6203-89d5-4fb3-aaa9-d4879f846b8e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 499 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c21856ce-9490-44b4-a2a7-fa87397951ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 498 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 497 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 496 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 495 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 494 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 493 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 492 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 491 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a16d56d9-67ac-4161-be22-309ed6d07e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 490 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc7e6203-89d5-4fb3-aaa9-d4879f846b8e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 489 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 488 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 487 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 486 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 485 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 484 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2e7b2eb-4da5-41bd-a551-2cf48457ecf0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 483 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b50b776-1d13-4d26-acbe-e60b94189df8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 482 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ea5c1759-76a0-45ad-939b-569e5ca0d118
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 481 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 480 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 479 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 478 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 477 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 476 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 475 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 474 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79fdc83f-f52f-452e-bbe9-7a903a6ec5b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 473 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b50b776-1d13-4d26-acbe-e60b94189df8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 472 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 471 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 470 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 469 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 468 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 467 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47b14e6c-72f0-424e-a724-bea03fd2e0c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 466 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50222877-f0f3-481c-87c3-fa43689b88b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 465 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dc554589-2f88-499b-b260-c5aee2d5007f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 464 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 463 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 462 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 461 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 460 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 459 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 458 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 457 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=484c02bb-f180-4b22-8c5e-a58526035a6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 456 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50222877-f0f3-481c-87c3-fa43689b88b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 455 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 454 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 453 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 452 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 451 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 450 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=534a3dc9-cbc3-46c1-9480-43eececea79b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 449 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96547e63-97f8-49ee-a627-ca942d163654
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 448 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb815cb4-ecee-4d44-8b27-d25a09ed6e70
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 447 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb815cb4-ecee-4d44-8b27-d25a09ed6e70
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 446 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 445 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 444 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 443 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 442 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 441 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 440 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 439 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fab829-a24a-4c45-b885-176b8f94ebec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 438 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96547e63-97f8-49ee-a627-ca942d163654
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 437 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 436 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 435 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 434 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 433 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 432 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2eec44c8-c404-430a-8e2c-ef51d9477748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 431 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70cd25ec-d1d5-4435-befb-5f135b7698d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 430 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3d8281db-29e8-4468-9ac6-d4037ae6089c
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 429 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3d8281db-29e8-4468-9ac6-d4037ae6089c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 428 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 427 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 426 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 425 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 424 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 423 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 422 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 421 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bcce5523-2cc2-42c2-b33b-a56becc17454
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 420 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70cd25ec-d1d5-4435-befb-5f135b7698d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 419 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 418 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 417 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 416 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 415 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 414 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f599969-069d-491f-96c1-174cfcf52b90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 413 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f401627-a79e-485a-addf-b3a319b03736
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 412 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5616b698-df99-4a4d-a722-561701362261
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 411 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5616b698-df99-4a4d-a722-561701362261
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 410 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 409 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 408 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 407 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 406 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 405 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 404 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 403 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6c618a02-3221-47fa-911d-4300d41eef00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 402 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f401627-a79e-485a-addf-b3a319b03736
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 401 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 400 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 399 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 398 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 397 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 396 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c72e11-6ca8-43ef-9d8e-1dc2ab597526
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 395 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=59d59d55-5b78-43b2-b46b-63602aefa9cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 394 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fa20e22f-417f-4b02-879f-07f4f6eca29e
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 393 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fa20e22f-417f-4b02-879f-07f4f6eca29e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 392 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 391 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 390 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 389 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 388 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 387 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 386 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 385 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab54eef4-ed1a-43dd-965d-d54692f81ed0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 384 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=59d59d55-5b78-43b2-b46b-63602aefa9cd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 383 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 382 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 381 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 380 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 379 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 378 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6798a06-cc9f-4e5f-b7fa-e8aecaceeb65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 377 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=81e710f6-8d40-415a-9a4e-fd868ceb939d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 376 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ff3d2d0-d719-42c7-abee-e3a76c33568f
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 375 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ff3d2d0-d719-42c7-abee-e3a76c33568f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 374 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 373 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 372 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 371 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 370 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 369 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 368 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 367 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62dbd3f1-2b68-4343-9049-6bbcbc3946cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 366 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=81e710f6-8d40-415a-9a4e-fd868ceb939d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 365 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 364 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 363 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 362 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 361 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 360 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02fcb545-0f4f-47ec-9e3d-128e3112a478
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 359 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d3f35696-d5a8-465d-882d-87c8494b9f15
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 358 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d2618ff-e2ae-4ee0-9e05-f6d432acc2d5
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 357 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d2618ff-e2ae-4ee0-9e05-f6d432acc2d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 356 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 355 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 354 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 353 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 352 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 351 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 350 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 349 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ac8c9f4-c2dc-4437-83ea-016440f1f24b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 348 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d3f35696-d5a8-465d-882d-87c8494b9f15
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 347 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 346 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 345 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 344 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 343 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 342 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a8d89ef-8bdc-48d2-bbf9-f3f91205a670
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 341 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f81d2e5-e4f1-4685-b85d-e502f7b6f4a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 340 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5712d106-3783-475a-a669-8bc45c8e0e64
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 339 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5712d106-3783-475a-a669-8bc45c8e0e64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 338 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 337 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 336 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 335 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 334 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 333 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 332 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 331 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c5fc797-1304-459a-b743-77f3267df492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 330 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f81d2e5-e4f1-4685-b85d-e502f7b6f4a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 329 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 328 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 327 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 326 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 325 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 324 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d7ce77f-5a9f-44ca-bb4c-53cffe731033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 323 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9eab3585-b2d5-4b3e-9646-494b46c2e779
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 322 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e01b29a7-3bc8-4388-9252-614bf587b4f4
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 321 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e01b29a7-3bc8-4388-9252-614bf587b4f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 320 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 319 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 318 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 317 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 316 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 315 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 314 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 313 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e00f5e4e-5f75-42d9-86d2-98966b7c64da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 312 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:23:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9eab3585-b2d5-4b3e-9646-494b46c2e779
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 311 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 310 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 309 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 308 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 307 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 306 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8774437-61d4-40c9-8713-9ba3c6955dd9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 305 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c8ff766-5a21-44f4-8161-f99c30c4502a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 304 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb23e20f-b676-47c8-a197-7f35668d3631
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 303 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb23e20f-b676-47c8-a197-7f35668d3631
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 302 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 301 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 300 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 299 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 298 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 297 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 296 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 295 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3f0dd9a9-a239-4d9f-a459-35e3cb718b2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 294 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c8ff766-5a21-44f4-8161-f99c30c4502a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 293 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 292 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 291 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 290 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 289 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 288 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2ae19f-b3c2-4a12-bdd4-3a7c0215b6d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 287 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c9135b8-c3c3-4540-82f4-f9bf730eeb26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 286 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cb71db50-3b7d-4237-bbfa-0723e871df41
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 285 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cb71db50-3b7d-4237-bbfa-0723e871df41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 284 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 283 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 282 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 281 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 280 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 279 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 278 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 277 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a7cc24fd-2642-4b92-9adb-7a7fbbb7c01d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 276 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c9135b8-c3c3-4540-82f4-f9bf730eeb26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 275 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 274 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 273 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 272 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 271 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 270 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91078477-8777-4cf4-97af-bf4167e5417a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 269 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4869798a-4347-4413-bde7-c089cb81a2de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 268 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=08752497-0a7b-4de7-983e-e71ee63332df
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 267 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=08752497-0a7b-4de7-983e-e71ee63332df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 266 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 265 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 264 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 263 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 262 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 261 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 260 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 259 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=84031c4c-792f-4321-964f-a6541bef7095
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 258 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4869798a-4347-4413-bde7-c089cb81a2de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 257 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 256 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 255 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 254 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 253 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 252 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a42348ca-c3d5-409b-b9cc-0c6a61d7266c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 251 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3bb622c-169f-4728-b1f8-bfafe4e8d02e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 250 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bde13c3a-5701-414e-babe-80848f9cd000
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 249 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bde13c3a-5701-414e-babe-80848f9cd000
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 248 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 247 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 246 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 245 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 244 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 243 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 242 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 241 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c78196ba-714f-46d1-b939-1ba30cba30b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 240 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3bb622c-169f-4728-b1f8-bfafe4e8d02e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 239 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 238 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 237 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 236 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 235 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 234 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c788b581-7970-4d8c-8498-c268bd6c9594
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 233 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4750151d-5ad9-47de-89e9-89a1ff9d56c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 232 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=9db36a2f-ee8d-486e-90e9-2c2e4ad9b272
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 231 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=9db36a2f-ee8d-486e-90e9-2c2e4ad9b272
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 230 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 229 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 228 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 227 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 226 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 225 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd09b78b-c9d0-4384-9179-995ee5041364
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 224 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4346041b-e9ce-4bc2-8279-363f158a7908
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 223 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4346041b-e9ce-4bc2-8279-363f158a7908
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 222 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 221 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 220 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 219 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 218 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 217 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 216 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 215 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f14df2a9-be34-4e01-b2cf-62e604c8837e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 214 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4750151d-5ad9-47de-89e9-89a1ff9d56c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 213 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 212 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 211 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 210 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 209 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 208 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5c750f7f-5184-40db-a5a9-47beb4cb15b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 207 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=75989836-b85b-4743-8528-21ce67d091ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 206 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=27cfca3a-fee9-49b5-aa34-83e3b370a948
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 205 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 204 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 203 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 202 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 201 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 200 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 199 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 198 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=701b1e18-c66d-4bd9-a129-cd762fcd1343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 197 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=75989836-b85b-4743-8528-21ce67d091ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 196 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 195 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 194 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 193 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 192 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 191 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0f45862-a79a-47b3-a303-42dda868442a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 190 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=78a7cbe4-ca5c-44f7-b94d-cf74f05824aa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 189 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-847001-3\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e0749b47-253a-4a0b-8f79-8c254539936e
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 188 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e0749b47-253a-4a0b-8f79-8c254539936e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 187 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 186 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 185 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 184 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 183 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 182 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 181 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 180 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=951cf174-219f-4608-ae9e-b0c960d8cc63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 179 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=78a7cbe4-ca5c-44f7-b94d-cf74f05824aa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 178 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 177 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 176 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 175 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 174 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 173 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0ffa500-ba15-44a1-b9ae-c4d135912b01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 172 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:22:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=516dd656-892e-466a-b23c-9ebe67a69d1b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 171 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eef984a5-40fc-4d0b-8298-6ff5ff93d770
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 170 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 169 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 168 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 167 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 166 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 165 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 164 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 163 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=722df2af-f42c-44f0-bf3a-5d32d2d37257
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 162 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=516dd656-892e-466a-b23c-9ebe67a69d1b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 161 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 160 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 159 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 158 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 157 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 156 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82265327-a89e-44bd-bc45-2222a8f49c27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 155 | PowerShell | | Windows PowerShell | | | n-h1-847001-3 | | 6/21/2022 6:20:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=5.1.14393.1944
RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 154 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 153 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=13
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 152 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 151 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 150 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 149 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 148 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 147 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 146 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 145 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 144 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 143 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 142 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 141 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 140 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 139 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 138 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 137 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 136 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 135 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 134 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 133 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 132 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 131 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 130 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 129 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 128 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 127 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 126 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 125 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 124 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 123 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 122 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 121 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 120 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 119 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 118 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=19
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 117 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:11:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 116 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 115 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 114 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 113 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 112 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 111 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 110 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 109 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 108 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 107 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 106 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 105 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 104 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 103 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 102 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 101 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 100 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:54:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 99 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 98 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 97 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 96 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 95 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 94 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 93 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 92 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 91 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 90 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 89 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 88 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 87 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 86 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 85 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 84 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 83 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:45:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 82 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 81 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 80 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 79 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 78 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 77 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 76 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 75 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 74 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 73 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 72 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 71 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 70 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 69 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 68 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 67 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 66 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 65 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 64 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 63 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 62 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 61 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 60 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 59 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 58 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 57 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 56 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 55 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 54 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 53 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 52 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 51 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 50 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:02:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 49 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 48 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 47 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 46 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 45 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 44 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 43 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 42 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 41 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 40 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 39 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 38 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 37 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 36 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 35 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 34 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 33 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 32 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 31 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 30 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 29 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 28 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 27 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 26 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 25 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 24 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 23 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 22 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 21 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 20 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 19 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 18 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 17 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 16 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 15 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 14 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 13 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 12 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 11 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 10 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 9 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 8 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 7 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 6 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 5 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 4 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |